So many popups [Archive] - Safer-Networking Forums

JohnSnow

2015-10-07, 04:17

whatever infected my wife's laptop opens so many popups and redirects that I can't read anything in a browser, and it presents all kinds of 'click here to fix your PC' type messages. I ran the FRST tool and the logs are posted below. I ran the ASWMBR tool but it closes before I can save the log. Please let me know if there is some trick to saving the log.
Any help greatly appreciated.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Abi (administrator) on Abi-Laptop (06-10-2015 20:47:16)
Running from C:\Users\Abi\Desktop
Loaded Profiles: Abi (Available Profiles: Abi)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Cinema PlusV04.10) C:\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-1-6.exe
(Cinema PlusV04.10) C:\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-6.exe
(Cinema PlusV04.10) C:\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-1-6.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Cinema PlusV04.10) C:\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-6.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
() C:\Program Files (x86)\A0FEA676-1444007998-E111-9F63-E98E551D30CD\hnsfFB53.tmp
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\Users\Abi\AppData\Roaming\NetService\netservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe
() C:\Program Files\shopperz011020151101\Vubficvh.exe
(SS) C:\Program Files (x86)\SwiftSearch_1.10.0.25\Service\swsesrvc.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\shopperz011020151101\Kixjucfio.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\shopperz011020151101\csrcc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(MyBrowser 1.0.2V06.10) C:\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-10.exe
() C:\Users\Abi\AppData\Local\gmsd_ca_005010107\upgmsd_ca_005010107.exe
() C:\Program Files (x86)\gmsd_ca_005010107\gmsd_ca_005010107.exe
() C:\Users\Abi\AppData\Local\Temp\nso9DF5.tmp
(MyBrowser 1.0.2V06.10) C:\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-6.exe
(MyBrowser 1.0.2V06.10) C:\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-1-6.exe
() C:\Program Files (x86)\gmsd_ca_005010107\gmsd_ca_005010107.exe
() C:\Program Files (x86)\gmsd_ca_005010107\gmsd_ca_005010107.exe
() C:\Program Files (x86)\gmsd_ca_005010107\gmsd_ca_005010107.exe
() C:\Program Files (x86)\A0FEA676-1444007998-E111-9F63-E98E551D30CD\knsqCB46.tmp
() C:\Users\Abi\AppData\Roaming\SSN\ssn.exe
() C:\Program Files (x86)\gmsd_ca_005010107\gmsd_ca_005010107.exe
(MyBrowser 1.0.2V06.10) C:\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-10.exe
() C:\Program Files (x86)\gmsd_ca_005010107\gmsd_ca_005010107.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files (x86)\gmsd_ca_005010107\gmsd_ca_005010107.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-08] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1021056 2012-03-08] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800896 2012-03-08] (Atheros Commnucations)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2822952 2012-02-24] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM\...\Run: [InstantUpdate] => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe [124520 2012-04-06] ()
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-09-03] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [mbot_ca_014010106] => [X]
HKLM-x32\...\Run: [gmsd_ca_005010107] => C:\Program Files (x86)\gmsd_ca_005010107\gmsd_ca_005010107.exe [3976336 2015-10-05] ()
HKLM-x32\...\RunOnce: [upgmsd_ca_005010107.exe] => C:\Users\Abi\AppData\Local\gmsd_ca_005010107\upgmsd_ca_005010107.exe [3300496 2015-10-05] ()
HKLM-x32\...\RunOnce: [Update] => C:\Users\Abi\AppData\Roaming\ASPackage\ASPackage.exe /runonce
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1835340503-273950527-3103715778-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1835340503-273950527-3103715778-1001\...\Run: [Save Serp Now] => C:\Users\Abi\AppData\Roaming\SSN\updssn.exe [26112 2014-11-21] ()
HKU\S-1-5-21-1835340503-273950527-3103715778-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1835340503-273950527-3103715778-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1835340503-273950527-3103715778-1001\...\Run: [GoogleChromeAutoLaunch_5E135CCE23F4BBF9E00EFA280613872A] => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-05-12] (Crossbrowse)
HKU\S-1-5-21-1835340503-273950527-3103715778-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1835340503-273950527-3103715778-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-1835340503-273950527-3103715778-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [450048 2011-09-12] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-14] (AVAST Software)
Startup: C:\Users\Abi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-10-06]
ShortcutTarget: crossbrowse.lnk -> C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Crossbrowse)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\Kixjucfio.dll [283496 2015-10-04] ()
Winsock: Catalog9 02 C:\Windows\SysWOW64\Kixjucfio.dll [283496 2015-10-04] ()
Winsock: Catalog9 03 C:\Windows\SysWOW64\Kixjucfio.dll [283496 2015-10-04] ()
Winsock: Catalog9 04 C:\Windows\SysWOW64\Kixjucfio.dll [283496 2015-10-04] ()
Winsock: Catalog9 16 C:\Windows\SysWOW64\Kixjucfio.dll [283496 2015-10-04] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{15CD2FC4-BBE6-4572-989A-6AE7E0E8ED2E}: [NameServer] 82.163.143.162,82.163.142.164
Tcpip\..\Interfaces\{F6B24CDD-A746-40B4-A6EC-4E45B40509B2}: [NameServer] 82.163.143.162,82.163.142.164
Tcpip\..\Interfaces\{F6B24CDD-A746-40B4-A6EC-4E45B40509B2}: [DhcpNameServer] 64.71.255.204 64.71.255.198

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1835340503-273950527-3103715778-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1835340503-273950527-3103715778-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1835340503-273950527-3103715778-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www-searching.com/search.aspx?s=FA5zbwybl001,5e975b8b-9a9b-4b31-93c1-85af2746d910,&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www-searching.com/search.aspx?s=FA5zbwybl001,5e975b8b-9a9b-4b31-93c1-85af2746d910,&q={searchTerms}
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?s=FA5zbwybl001,5e975b8b-9a9b-4b31-93c1-85af2746d910,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1835340503-273950527-3103715778-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1835340503-273950527-3103715778-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-1835340503-273950527-3103715778-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www-searching.com/search.aspx?s=FA5zbwybl001,5e975b8b-9a9b-4b31-93c1-85af2746d910,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1835340503-273950527-3103715778-1001 -> {4F1251B0-ED36-4A53-B1D8-0700B350C9B6} URL = hxxp://www-searching.com/search.aspx?s=FA5zbwybl001,5e975b8b-9a9b-4b31-93c1-85af2746d910&site=shyosie&prd=set&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1835340503-273950527-3103715778-1001 -> {5885ECFB-B6D1-4EDE-AF43-AED548EF4833} URL =
SearchScopes: HKU\S-1-5-21-1835340503-273950527-3103715778-1001 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?s=FA5zbwybl001,5e975b8b-9a9b-4b31-93c1-85af2746d910,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1835340503-273950527-3103715778-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-14] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: No Name -> {93F8D5C2-0BF6-4315-9316-AA5FC9948AC5} -> No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-03-08] (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-14] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-10-03] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-10-03] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{93F8D5C2-0BF6-4315-9316-AA5FC9948AC5}] - C:\Program Files\shopperz011020151101\Firefox
FF Extension: shopperz011020151101 - C:\Program Files\shopperz011020151101\Firefox [2015-10-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-02]
FF HKLM-x32\...\Firefox\Extensions: [{93F8D5C2-0BF6-4315-9316-AA5FC9948AC5}] - C:\Program Files\shopperz011020151101\Firefox

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.ca/
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M9949BBB5-612F-46C6-AB70-1CB1982CDBD9&SearchSource=55&CUI=&UM=8&UP=SPA5B516FC-0DD9-40D3-9CAD-07D1BA184ADB&D=100415&SSPV="

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll => No File
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll => No File
CHR Profile: C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-25]
CHR Extension: (YouTube) - C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-25]
CHR Extension: (Google Search) - C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-25]
CHR Extension: (MyBrowser 1.0.2V06.10) - C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh [2015-10-06]
CHR Extension: (Google Docs Offline) - C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-06]
CHR Extension: (Avast Online Security) - C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-04]
CHR Extension: (Skype Click to Call) - C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-12-02]
CHR Extension: (CinemaP-1.9cV04.10) - C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-10-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (CinemaPlus-3.2cV04.10) - C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-10-04]
CHR Extension: (Gmail) - C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-25]
CHR HKU\S-1-5-21-1835340503-273950527-3103715778-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [107648 2012-03-08] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-14] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-08-14] (Avast Software)
R2 bigosucu; C:\Program Files (x86)\A0FEA676-1444007998-E111-9F63-E98E551D30CD\knsqCB46.tmp [396288 2015-10-06] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R3 csrcc; C:\Program Files\shopperz011020151101\csrcc.exe [1444544 2015-10-01] ()
R2 gyvixodu; C:\Program Files (x86)\A0FEA676-1444007998-E111-9F63-E98E551D30CD\hnsfFB53.tmp [203776 2015-10-04] () [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-16] (Intel Corporation)
R3 Kixjucfio; C:\Program Files\shopperz011020151101\Kixjucfio.exe [2024808 2015-10-01] ()
R2 NetTcpHandler; C:\Users\Abi\AppData\Roaming\NetService\netservice.exe [173088 2015-07-08] ()
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 shopperz011020151101 Updater; C:\Program Files\shopperz011020151101\Vubficvh.exe [171200 2015-10-01] ()
R2 swsesrvc_1.10.0.25; C:\Program Files (x86)\SwiftSearch_1.10.0.25\Service\swsesrvc.exe [301648 2015-09-22] (SS)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [76960 2012-02-27] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-14] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-14] (AVAST Software)
R1 bsdriver; C:\Windows\system32\drivers\bsdriver.sys [34720 2015-10-04] ()
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61344 2015-09-24] (Cherimoya Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-08-14] (AVAST Software)
R1 swsedrvr_vt_1_10_0_25; C:\Windows\System32\drivers\swsedrvr_vt_1_10_0_25.sys [61304 2015-09-22] (SS)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-08-14] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-06 20:47 - 2015-10-06 20:47 - 00033247 _____ C:\Users\Abi\Desktop\FRST.txt
2015-10-06 20:46 - 2015-10-06 20:47 - 00000000 ____D C:\FRST
2015-10-06 20:45 - 2015-10-06 20:43 - 02193920 _____ (Farbar) C:\Users\Abi\Desktop\FRST64.exe
2015-10-06 20:41 - 2015-10-06 20:41 - 00000000 ____D C:\Users\Abi\Desktop\SoftwareTools
2015-10-06 13:47 - 2015-10-06 20:39 - 00002824 _____ C:\Windows\System32\Tasks\APSnotifierPP1
2015-10-06 13:47 - 2015-10-06 20:39 - 00002822 _____ C:\Windows\System32\Tasks\APSnotifierPP3
2015-10-06 13:47 - 2015-10-06 20:39 - 00002822 _____ C:\Windows\System32\Tasks\APSnotifierPP2
2015-10-06 13:47 - 2015-10-06 20:39 - 00000378 _____ C:\Windows\Tasks\APSnotifierPP1.job
2015-10-06 13:47 - 2015-10-06 20:39 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP3.job
2015-10-06 13:47 - 2015-10-06 20:39 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP2.job
2015-10-06 13:47 - 2015-10-06 13:47 - 00004034 _____ C:\Windows\System32\Tasks\ORGJcze6Wh9asiLsOyqhOX
2015-10-06 13:47 - 2015-10-06 13:47 - 00001049 _____ C:\Users\Abi\Desktop\AnyProtect.lnk
2015-10-06 13:47 - 2015-10-06 13:47 - 00001008 _____ C:\Windows\Tasks\ORGJcze6Wh9asiLsOyqhOX.job
2015-10-06 13:47 - 2015-10-06 13:47 - 00000000 ____D C:\Users\Abi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-10-06 13:46 - 2015-10-06 20:46 - 00005858 _____ C:\Windows\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-6.job
2015-10-06 13:46 - 2015-10-06 20:46 - 00003134 _____ C:\Windows\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-1-6.job
2015-10-06 13:46 - 2015-10-06 13:47 - 00000000 ____D C:\Program Files (x86)\AnyProtectEx
2015-10-06 13:46 - 2015-10-06 13:46 - 00613255 _____ (CMI Limited) C:\Users\Abi\AppData\Local\nsp2B0E.tmp
2015-10-06 13:46 - 2015-10-06 13:46 - 00008886 _____ C:\Windows\System32\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-6
2015-10-06 13:46 - 2015-10-06 13:46 - 00008544 _____ C:\Windows\System32\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-7
2015-10-06 13:46 - 2015-10-06 13:46 - 00006500 _____ C:\Windows\System32\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-1-7
2015-10-06 13:46 - 2015-10-06 13:46 - 00006162 _____ C:\Windows\System32\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-1-6
2015-10-06 13:46 - 2015-10-06 13:46 - 00005514 _____ C:\Windows\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-7.job
2015-10-06 13:46 - 2015-10-06 13:46 - 00005472 _____ C:\Windows\System32\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-5
2015-10-06 13:46 - 2015-10-06 13:46 - 00003470 _____ C:\Windows\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-1-7.job
2015-10-06 13:46 - 2015-10-06 13:46 - 00002442 _____ C:\Windows\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-5_user.job
2015-10-06 13:46 - 2015-10-06 13:46 - 00002442 _____ C:\Windows\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-5.job
2015-10-06 13:46 - 2015-10-06 13:46 - 00000000 __SHD C:\Users\Abi\AppData\Roaming\AnyProtectEx
2015-10-06 13:46 - 2015-10-06 13:46 - 00000000 ____D C:\Program Files (x86)\e63821bb-3a31-457e-8aa3-f2cc9efa11bf
2015-10-06 13:45 - 2015-10-06 20:45 - 00002108 _____ C:\Windows\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-10_user.job
2015-10-06 13:45 - 2015-10-06 14:23 - 00000000 ____D C:\Users\Abi\AppData\Local\gmsd_ca_005010107
2015-10-06 13:45 - 2015-10-06 13:46 - 00000000 ____D C:\Program Files (x86)\MyBrowser 1.0.2V06.10
2015-10-06 13:45 - 2015-10-06 13:45 - 00007520 _____ C:\Windows\System32\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-3
2015-10-06 13:45 - 2015-10-06 13:45 - 00004490 _____ C:\Windows\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-3.job
2015-10-06 13:45 - 2015-10-06 13:45 - 00000000 ____D C:\Program Files (x86)\gmsd_ca_005010107
2015-10-06 13:44 - 2015-10-06 13:44 - 00004078 _____ C:\Windows\System32\Tasks\Crossbrowse
2015-10-06 13:44 - 2015-10-06 13:44 - 00002398 _____ C:\Users\Public\Desktop\Crossbrowse.lnk
2015-10-06 13:44 - 2015-10-06 13:44 - 00001052 _____ C:\Windows\Tasks\Crossbrowse.job
2015-10-06 13:44 - 2015-10-06 13:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
2015-10-06 13:44 - 2015-10-06 13:44 - 00000000 ____D C:\Program Files (x86)\Crossbrowse
2015-10-05 22:07 - 2015-10-05 22:07 - 00002239 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-10-05 22:07 - 2015-10-05 22:07 - 00000207 _____ C:\Windows\tweaking.com-regbackup-Abi-Laptop-Windows-7-Home-Premium-(64-bit).dat
2015-10-05 22:07 - 2015-10-05 22:07 - 00000000 ____D C:\RegBackup
2015-10-05 22:07 - 2015-10-05 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-10-05 22:07 - 2015-10-05 22:07 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-10-05 22:06 - 2015-10-05 22:04 - 04687448 _____ (Tweaking.com) C:\Users\Abi\Desktop\tweaking.com_registry_backup_setup.exe
2015-10-05 22:04 - 2015-10-05 22:04 - 04687448 _____ (Tweaking.com) C:\Users\Abi\Downloads\tweaking.com_registry_backup_setup.exe
2015-10-05 18:35 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-10-05 18:31 - 2009-06-10 17:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20151005-183130.backup
2015-10-05 18:24 - 2015-10-05 18:24 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-10-05 18:23 - 2015-10-05 19:50 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-10-05 18:23 - 2015-10-05 18:35 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-10-05 18:23 - 2015-10-05 18:23 - 00001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-10-05 18:23 - 2015-10-05 18:23 - 00001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-10-05 18:23 - 2015-10-05 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-10-05 18:23 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-10-05 18:21 - 2015-10-05 18:22 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Abi\Downloads\spybot-2.4.exe
2015-10-04 21:34 - 2015-10-06 15:34 - 00002442 _____ C:\Windows\Tasks\54a3041d-99ff-429c-936a-d64130846f89-5_user.job
2015-10-04 21:34 - 2015-10-06 15:34 - 00002442 _____ C:\Windows\Tasks\54a3041d-99ff-429c-936a-d64130846f89-5.job
2015-10-04 21:34 - 2015-10-04 21:34 - 00005472 _____ C:\Windows\System32\Tasks\54a3041d-99ff-429c-936a-d64130846f89-5
2015-10-04 21:33 - 2015-10-06 20:38 - 00005858 _____ C:\Windows\Tasks\54a3041d-99ff-429c-936a-d64130846f89-6.job
2015-10-04 21:33 - 2015-10-06 20:38 - 00003134 _____ C:\Windows\Tasks\54a3041d-99ff-429c-936a-d64130846f89-1-6.job
2015-10-04 21:33 - 2015-10-06 15:33 - 00005514 _____ C:\Windows\Tasks\54a3041d-99ff-429c-936a-d64130846f89-7.job
2015-10-04 21:33 - 2015-10-06 15:33 - 00003470 _____ C:\Windows\Tasks\54a3041d-99ff-429c-936a-d64130846f89-1-7.job
2015-10-04 21:33 - 2015-10-04 21:33 - 00034720 _____ () C:\Windows\system32\Drivers\bsdriver.sys
2015-10-04 21:33 - 2015-10-04 21:33 - 00008886 _____ C:\Windows\System32\Tasks\54a3041d-99ff-429c-936a-d64130846f89-6
2015-10-04 21:33 - 2015-10-04 21:33 - 00008544 _____ C:\Windows\System32\Tasks\54a3041d-99ff-429c-936a-d64130846f89-7
2015-10-04 21:33 - 2015-10-04 21:33 - 00006500 _____ C:\Windows\System32\Tasks\54a3041d-99ff-429c-936a-d64130846f89-1-7
2015-10-04 21:33 - 2015-10-04 21:33 - 00006162 _____ C:\Windows\System32\Tasks\54a3041d-99ff-429c-936a-d64130846f89-1-6
2015-10-04 21:32 - 2015-10-06 15:32 - 00005180 _____ C:\Windows\Tasks\54a3041d-99ff-429c-936a-d64130846f89-11.job
2015-10-04 21:32 - 2015-10-06 15:32 - 00004490 _____ C:\Windows\Tasks\54a3041d-99ff-429c-936a-d64130846f89-3.job
2015-10-04 21:32 - 2015-10-06 13:46 - 00000000 ____D C:\Program Files (x86)\8a9babaa-d527-4b3a-9dbf-f6d4d5a9ba3b
2015-10-04 21:32 - 2015-10-05 06:16 - 00002108 _____ C:\Windows\Tasks\54a3041d-99ff-429c-936a-d64130846f89-10_user.job
2015-10-04 21:32 - 2015-10-04 21:32 - 00008210 _____ C:\Windows\System32\Tasks\54a3041d-99ff-429c-936a-d64130846f89-11
2015-10-04 21:32 - 2015-10-04 21:32 - 00007520 _____ C:\Windows\System32\Tasks\54a3041d-99ff-429c-936a-d64130846f89-3
2015-10-04 21:32 - 2015-10-04 21:32 - 00003458 _____ C:\Windows\System32\Tasks\bvxvexvbg
2015-10-04 21:31 - 2015-10-06 13:18 - 00000000 ____D C:\Users\Abi\AppData\Local\bvxvexvbg
2015-10-04 21:31 - 2015-10-04 22:17 - 00000000 ____D C:\ProgramData\KeyStream
2015-10-04 21:31 - 2015-10-04 22:07 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-3.2cV04.10
2015-10-04 21:31 - 2015-10-04 21:33 - 00000000 ____D C:\ProgramData\Service0561
2015-10-04 21:31 - 2015-10-04 21:33 - 00000000 ____D C:\Program Files (x86)\Feed Notifier
2015-10-04 21:31 - 2015-10-04 21:31 - 00000000 ____D C:\ProgramData\12db864551ae4c578eb17db1a9f5d3cf
2015-10-04 21:30 - 2015-10-05 19:51 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2015-10-04 21:30 - 2015-10-05 06:22 - 00000000 ____D C:\Users\Abi\AppData\Roaming\RunDir
2015-10-04 21:30 - 2015-10-05 06:18 - 00000000 ____D C:\Program Files\shopperz011020151101
2015-10-04 21:30 - 2015-10-04 21:32 - 00000000 ____D C:\Users\Abi\AppData\Local\SearchProtect
2015-10-04 21:30 - 2015-10-04 21:31 - 00004712 _____ C:\Windows\SysWOW64\Kixjucfio.ini
2015-10-04 21:30 - 2015-10-04 21:31 - 00002424 _____ C:\Windows\SysWOW64\KixjucfioOff.ini
2015-10-04 21:30 - 2015-10-04 21:31 - 00002424 _____ C:\Windows\system32\KixjucfioOff.ini
2015-10-04 21:30 - 2015-10-04 21:30 - 00003640 _____ C:\Windows\System32\Tasks\Delhivv
2015-10-04 21:30 - 2015-10-04 21:30 - 00001905 _____ C:\Users\Abi\Desktop\jogotempo.lnk
2015-10-04 21:30 - 2015-10-04 21:30 - 00000045 _____ C:\user.js
2015-10-04 21:30 - 2015-10-04 21:30 - 00000000 ____D C:\Windows\system32\dev
2015-10-04 21:30 - 2015-10-04 21:30 - 00000000 ____D C:\Users\Abi\AppData\Roaming\ortmp
2015-10-04 21:30 - 2015-10-04 21:30 - 00000000 ____D C:\Users\Abi\AppData\Roaming\NetService
2015-10-04 21:30 - 2015-10-04 21:30 - 00000000 ____D C:\Users\Abi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jogotempo
2015-10-04 21:30 - 2015-10-04 21:30 - 00000000 ____D C:\Users\Abi\AppData\LocalLow\Company
2015-10-04 21:30 - 2015-10-04 21:30 - 00000000 ____D C:\Users\Abi\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2015-10-04 21:30 - 2015-10-04 21:30 - 00000000 ____D C:\Users\Abi\AppData\Local\Tempfolder
2015-10-04 21:30 - 2015-10-04 21:30 - 00000000 ____D C:\Users\Abi\AppData\Local\MyBrowser
2015-10-04 21:30 - 2015-10-04 21:30 - 00000000 ____D C:\Program Files (x86)\jogotempo
2015-10-04 21:30 - 2015-10-01 04:03 - 00283496 _____ C:\Windows\SysWOW64\Kixjucfio.dll
2015-10-04 21:30 - 2015-09-24 11:46 - 00061344 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2015-10-04 21:29 - 2015-10-04 22:40 - 00000000 ____D C:\Users\Abi\AppData\Local\SmartWeb
2015-10-04 21:29 - 2015-10-04 21:29 - 00000000 ____D C:\Users\Abi\AppData\LocalLow\SmartWeb
2015-10-04 21:28 - 2015-10-05 06:17 - 00000292 _____ C:\Windows\Tasks\yxnb.job
2015-10-04 21:27 - 2015-10-05 21:40 - 00170647 _____ C:\Windows\wininit.ini
2015-10-04 21:27 - 2015-10-04 22:33 - 00000000 ____D C:\Users\Abi\AppData\Local\DeskBar
2015-10-04 21:27 - 2015-10-04 21:27 - 00002297 _____ C:\Users\Abi\Desktop\BrowserAir.lnk
2015-10-04 21:27 - 2015-10-04 21:27 - 00000000 ____D C:\Users\Abi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
2015-10-04 21:27 - 2015-10-04 21:27 - 00000000 ____D C:\Users\Abi\AppData\Local\Crossbrowse
2015-10-04 21:27 - 2015-10-04 21:27 - 00000000 ____D C:\Users\Abi\AppData\Local\BrowserAir
2015-10-04 21:26 - 2015-10-06 20:38 - 00003128 _____ C:\Windows\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-1-6.job
2015-10-04 21:26 - 2015-10-06 15:26 - 00003128 _____ C:\Windows\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-1-7.job
2015-10-04 21:26 - 2015-10-06 15:26 - 00002436 _____ C:\Windows\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-5_user.job
2015-10-04 21:26 - 2015-10-06 15:26 - 00002436 _____ C:\Windows\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-5.job
2015-10-04 21:26 - 2015-10-06 13:11 - 00001012 _____ C:\Windows\Tasks\qmKnKxZOiKwp192d4S8lxBYl.job
2015-10-04 21:26 - 2015-10-04 21:26 - 00006158 _____ C:\Windows\System32\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-1-7
2015-10-04 21:26 - 2015-10-04 21:26 - 00006156 _____ C:\Windows\System32\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-1-6
2015-10-04 21:26 - 2015-10-04 21:26 - 00005466 _____ C:\Windows\System32\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-5
2015-10-04 21:26 - 2015-10-04 21:26 - 00004236 _____ C:\Windows\System32\Tasks\SMW_UpdateTask_Time_313139303630333836352d45372a5a506c41324a345741
2015-10-04 21:26 - 2015-10-04 21:26 - 00004038 _____ C:\Windows\System32\Tasks\qmKnKxZOiKwp192d4S8lxBYl
2015-10-04 21:26 - 2015-10-04 21:26 - 00003526 _____ C:\Windows\System32\Tasks\Inst_Rep
2015-10-04 21:26 - 2015-10-04 21:26 - 00000000 ____D C:\ProgramData\SearchModule
2015-10-04 21:26 - 2015-10-04 21:26 - 00000000 ____D C:\Program Files\Common Files\Goobzo
2015-10-04 21:25 - 2015-10-06 20:45 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-10-04 21:25 - 2015-10-06 20:40 - 00000990 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-10-04 21:25 - 2015-10-06 20:40 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-10-04 21:25 - 2015-10-06 20:38 - 00005508 _____ C:\Windows\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-6.job
2015-10-04 21:25 - 2015-10-06 15:25 - 00005174 _____ C:\Windows\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-11.job
2015-10-04 21:25 - 2015-10-06 15:25 - 00005172 _____ C:\Windows\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-7.job
2015-10-04 21:25 - 2015-10-06 15:25 - 00004148 _____ C:\Windows\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-3.job
2015-10-04 21:25 - 2015-10-06 13:50 - 00000994 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-10-04 21:25 - 2015-10-06 13:45 - 00003992 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-10-04 21:25 - 2015-10-06 13:45 - 00003738 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-10-04 21:25 - 2015-10-05 06:16 - 00002102 _____ C:\Windows\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-10_user.job
2015-10-04 21:25 - 2015-10-04 22:07 - 00000000 ____D C:\Program Files (x86)\CinemaP-1.9cV04.10
2015-10-04 21:25 - 2015-10-04 21:25 - 00008536 _____ C:\Windows\System32\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-6
2015-10-04 21:25 - 2015-10-04 21:25 - 00008204 _____ C:\Windows\System32\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-11
2015-10-04 21:25 - 2015-10-04 21:25 - 00008202 _____ C:\Windows\System32\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-7
2015-10-04 21:25 - 2015-10-04 21:25 - 00007178 _____ C:\Windows\System32\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-3
2015-10-04 21:25 - 2015-10-04 21:25 - 00000000 ____D C:\Users\Abi\AppData\Local\globalUpdate
2015-10-04 21:25 - 2015-10-04 21:25 - 00000000 ____D C:\Program Files (x86)\119312c4-11b3-4129-ab16-95e16f122005
2015-10-04 21:24 - 2015-10-04 21:24 - 00004186 _____ C:\Windows\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update
2015-10-04 21:24 - 2015-10-04 21:24 - 00004174 _____ C:\Windows\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core
2015-10-04 21:23 - 2015-10-04 21:24 - 00000000 ____D C:\Program Files (x86)\SwiftSearch_1.10.0.25
2015-10-04 21:20 - 2015-10-05 18:27 - 00000000 ____D C:\Users\Abi\AppData\Roaming\Opera Software
2015-10-04 21:20 - 2015-10-05 18:27 - 00000000 ____D C:\Users\Abi\AppData\Local\Opera Software
2015-10-04 21:20 - 2015-10-05 18:27 - 00000000 ____D C:\Program Files (x86)\Opera
2015-10-04 21:20 - 2015-10-04 21:25 - 00000000 ____D C:\Users\Abi\AppData\Local\A0FEA676-1443993646-E111-9F63-E98E551D30CD
2015-10-04 21:20 - 2009-06-10 17:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-10-04 21:19 - 2015-10-06 15:11 - 00000000 ____D C:\Program Files (x86)\A0FEA676-1444007998-E111-9F63-E98E551D30CD
2015-10-04 21:19 - 2015-10-05 12:27 - 00000000 ____D C:\Users\Abi\AppData\Roaming\ASPackage
2015-10-04 21:19 - 2015-10-04 21:19 - 00000000 ____D C:\Users\Abi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2015-10-04 21:19 - 2015-10-04 21:19 - 00000000 ____D C:\Users\Abi\AppData\Local\Geckofx
2015-10-04 21:18 - 2015-10-04 21:18 - 00000000 ____D C:\Users\Abi\AppData\Roaming\proical
2015-10-04 21:17 - 2015-10-04 21:27 - 00000000 ____D C:\Program Files (x86)\KMSPico 10.0.6
2015-10-04 21:17 - 2015-10-04 21:18 - 00000000 ____D C:\Users\Abi\AppData\Roaming\SSN
2015-10-03 16:19 - 2015-10-03 16:19 - 00001008 _____ C:\Users\Public\Desktop\LockDown Browser FOL.lnk
2015-10-03 16:19 - 2015-10-03 16:19 - 00000000 ____D C:\Program Files (x86)\Respondus
2015-10-03 16:16 - 2015-10-03 16:17 - 56749720 _____ (Respondus, Inc.) C:\Users\Abi\Downloads\LockDownBrowser-200-02.exe
2015-10-02 14:42 - 2015-10-02 14:42 - 00000000 ____D C:\Users\Abi\AppData\Local\{2319E2F5-D64B-4A67-A7CC-AAFC35C207EC}
2015-10-02 11:41 - 2015-10-02 11:41 - 00186880 _____ (TODO: <Company name>) C:\Windows\system32\rsrcs.dll
2015-10-01 21:53 - 2015-10-01 21:53 - 04032512 _____ C:\Users\Abi\Downloads\0176509739_386709.ppt
2015-09-23 19:48 - 2015-09-23 19:48 - 00000000 ____D C:\Users\Abi\AppData\Roaming\Awesomium
2015-09-22 17:41 - 2015-09-22 17:41 - 00061304 _____ (SS) C:\Windows\system32\Drivers\swsedrvr_vt_1_10_0_25.sys
2015-09-22 17:41 - 2015-09-22 17:41 - 00057720 _____ (SS) C:\Windows\system32\Drivers\swsedrvr_vw_1_10_0_25.sys
2015-09-22 09:30 - 2015-09-22 09:30 - 00022641 _____ C:\Users\Abi\Downloads\receipt for Sept 13.zip
2015-09-21 19:19 - 2015-09-21 19:19 - 00387071 _____ C:\Users\Abi\Downloads\Sheri chp2 PPT6 Correcting Entries.pptx
2015-09-21 19:18 - 2015-09-21 19:18 - 01309276 _____ C:\Users\Abi\Downloads\Sheri chp1 PPT5 Financial Statements.pptx
2015-09-21 19:18 - 2015-09-21 19:18 - 00539375 _____ C:\Users\Abi\Downloads\Sheri chp2 PPT4 Posting.pptx
2015-09-21 19:18 - 2015-09-21 19:18 - 00392069 _____ C:\Users\Abi\Downloads\Sheri chp2 PPT5 Unadjusted Trial Balance.pptx
2015-09-21 19:17 - 2015-09-21 19:17 - 01575824 _____ C:\Users\Abi\Downloads\Sheri chp2 PPT3 Journalizing.pptx
2015-09-21 19:17 - 2015-09-21 19:17 - 01086144 _____ C:\Users\Abi\Downloads\Sheri chp2 PPT2 The Double Entry Accounting System.pptx
2015-09-21 19:17 - 2015-09-21 19:17 - 01060913 _____ C:\Users\Abi\Downloads\Sheri chp2 ppt1 Analyizing Transactions.pptx
2015-09-18 16:18 - 2015-09-18 16:19 - 88847328 _____ C:\Users\Abi\Downloads\PhotoPass_20150918_55fc70a06287e_3.zip
2015-09-18 16:16 - 2015-09-18 16:19 - 164912544 _____ C:\Users\Abi\Downloads\PhotoPass_20150918_55fc70a06287e_4.zip
2015-09-18 16:15 - 2015-09-18 16:19 - 164912544 _____ C:\Users\Abi\Downloads\PhotoPass_20150903_55e86580ec21f_4 (4).zip
2015-09-18 16:15 - 2015-09-18 16:19 - 151613672 _____ C:\Users\Abi\Downloads\PhotoPass_20150903_55e86580ec21f_1 (6).zip
2015-09-18 16:15 - 2015-09-18 16:19 - 149921556 _____ C:\Users\Abi\Downloads\PhotoPass_20150918_55fc70a06287e_1.zip
2015-09-18 16:15 - 2015-09-18 16:18 - 124142712 _____ C:\Users\Abi\Downloads\PhotoPass_20150918_55fc70a06287e_2.zip
2015-09-18 16:15 - 2015-09-18 16:18 - 123003816 _____ C:\Users\Abi\Downloads\PhotoPass_20150903_55e86580ec21f_2 (3).zip
2015-09-18 16:15 - 2015-09-18 16:16 - 45656825 _____ C:\Users\Abi\Downloads\PhotoPass_20150903_55e86580ec21f_3 (4).zip
2015-09-16 16:58 - 2015-09-16 16:59 - 164912544 _____ C:\Users\Abi\Downloads\PhotoPass_20150903_55e86580ec21f_4 (3).zip
2015-09-16 16:57 - 2015-09-16 16:57 - 45656825 _____ C:\Users\Abi\Downloads\PhotoPass_20150903_55e86580ec21f_3 (3).zip
2015-09-16 16:55 - 2015-09-16 16:58 - 164912544 _____ C:\Users\Abi\Downloads\PhotoPass_20150903_55e86580ec21f_4 (2).zip
2015-09-16 16:55 - 2015-09-16 16:58 - 123003816 _____ C:\Users\Abi\Downloads\PhotoPass_20150903_55e86580ec21f_2 (2).zip
2015-09-16 16:55 - 2015-09-16 16:57 - 151613672 _____ C:\Users\Abi\Downloads\PhotoPass_20150903_55e86580ec21f_1 (5).zip
2015-09-16 16:55 - 2015-09-16 16:55 - 45656825 _____ C:\Users\Abi\Downloads\PhotoPass_20150903_55e86580ec21f_3 (2).zip
2015-09-16 16:54 - 2015-09-16 16:57 - 151613672 _____ C:\Users\Abi\Downloads\PhotoPass_20150903_55e86580ec21f_1 (4).zip
2015-09-16 16:52 - 2015-09-16 16:53 - 151613672 _____ C:\Users\Abi\Downloads\PhotoPass_20150903_55e86580ec21f_1 (3).zip
2015-09-14 19:37 - 2015-09-14 19:37 - 01086144 _____ C:\Users\Abi\Downloads\Sheri+chp2+PPT2+The+Double+Entry+Accounting+System.pptx
2015-09-12 16:12 - 2015-09-12 16:12 - 01060913 _____ C:\Users\Abi\Downloads\Sheri+chp2+ppt1+Analyizing+Transactions.pptx
2015-09-12 16:09 - 2015-09-12 16:09 - 00065296 _____ C:\Users\Abi\Downloads\Sheri+chp1+PPT3+The+Accounting+Equation.pptx
2015-09-12 16:08 - 2015-09-12 16:08 - 00323754 _____ C:\Users\Abi\Downloads\Sheri+chp1+PPT4+Recording+Business+Transactions.pptx
2015-09-09 20:32 - 2015-09-09 20:32 - 03036691 _____ C:\Users\Abi\Downloads\ADMN-1014+Getting+Started+_Online.pptx
2015-09-09 20:27 - 2015-09-09 20:27 - 02980659 _____ C:\Users\Abi\Downloads\ADMN-1014+Course+Introduction_Online.pptx
2015-09-08 14:05 - 2015-09-08 14:05 - 02980659 _____ C:\Users\Abi\Downloads\ADMN-1014 Course Introduction_Online.pptx
2015-09-07 15:53 - 2015-09-07 15:53 - 00000000 ____D C:\Users\Abi\Documents\Paradigm
2015-09-07 15:53 - 2015-09-07 15:53 - 00000000 ____D C:\Users\Abi\AppData\Roaming\Paradigm
2015-09-07 15:51 - 2015-10-06 20:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-07 15:51 - 2015-10-03 16:19 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-07 15:51 - 2015-09-07 15:51 - 00002771 _____ C:\Users\Public\Desktop\Launch Online Lab.lnk
2015-09-07 15:51 - 2015-09-07 15:51 - 00000000 ____D C:\ProgramData\Paradigm
2015-09-07 15:51 - 2015-09-07 15:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradigm
2015-09-07 15:51 - 2015-09-07 15:51 - 00000000 ____D C:\Program Files (x86)\Paradigm
2015-09-07 14:56 - 2015-09-07 14:56 - 00764562 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-09-07 14:44 - 2015-09-07 14:44 - 00889416 _____ (Microsoft Corporation) C:\Users\Abi\Downloads\dotNetFx40_Full_setup.exe
2015-09-07 14:42 - 2015-09-07 14:42 - 30893992 _____ (Paradigm) C:\Users\Abi\Downloads\keyboarding6e2013.exe
2015-09-07 14:35 - 2015-09-07 14:35 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-09-07 14:35 - 2015-09-07 14:35 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-09-07 14:34 - 2015-09-07 14:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-07 14:33 - 2015-09-07 14:35 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-09-07 14:33 - 2015-09-07 14:33 - 00000000 ____D C:\Windows\PCHEALTH
2015-09-07 14:30 - 2015-09-07 14:30 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2015-09-07 14:30 - 2015-09-07 14:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2015-09-07 14:29 - 2015-09-07 14:33 - 00000000 ____D C:\Program Files\Microsoft Office
2015-09-06 21:53 - 2015-09-06 21:53 - 00000000 ____D C:\Users\Abi\Downloads\PREACTIVATED WINDOWS 7 + WINDOWS 8.1 +OFFICE 2013 PRO PLUS
2015-09-06 21:52 - 2015-09-06 21:52 - 00733005 _____ C:\Users\Abi\Downloads\PREACTIVATED_WINDOWS_7_+_WINDOWS_8_1_+_OFFICE_2013_PRO_PLUS.torrent
2015-09-06 17:00 - 2015-09-07 14:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2015-09-06 16:07 - 2015-09-07 14:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-09-06 11:37 - 2015-09-06 11:37 - 00000000 ____D C:\Users\Abi\Downloads\Microsoft Office 2013 SP1 Pro + Visio + Project + 15.0.4737.1001 RePack by KpoJIuK
2015-09-06 11:36 - 2015-09-06 11:36 - 00029320 _____ C:\Users\Abi\Downloads\28E409E030BECEF170CEBD51EB41C2EDA4B2E316.torrent
2015-09-06 11:35 - 2015-09-06 11:35 - 00002635 _____ C:\Users\Abi\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-09-06 11:34 - 2015-09-07 04:46 - 00000000 ____D C:\Users\Abi\AppData\Roaming\uTorrent
2015-09-06 11:34 - 2015-09-06 11:34 - 01699936 _____ (BitTorrent Inc.) C:\Users\Abi\Downloads\uTorrent.exe
2015-09-06 10:21 - 2015-09-06 10:22 - 151613672 _____ C:\Users\Abi\Downloads\PhotoPass_20150903_55e86580ec21f_1 (2).zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-06 20:47 - 2009-07-14 01:13 - 00779018 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-06 20:39 - 2012-11-25 21:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-06 20:39 - 2012-09-22 15:08 - 00000000 ____D C:\Users\Abi\AppData\Roaming\Skype
2015-10-06 20:38 - 2012-05-28 10:39 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-10-06 20:38 - 2012-05-28 10:33 - 01954797 _____ C:\Windows\WindowsUpdate.log
2015-10-06 15:17 - 2012-12-02 15:49 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-10-06 13:20 - 2009-07-14 00:45 - 00024416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-06 13:20 - 2009-07-14 00:45 - 00024416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-06 13:11 - 2012-11-25 21:21 - 00002475 _____ C:\Users\Abi\Desktop\Google Chrome.lnk
2015-10-06 13:08 - 2012-05-28 10:39 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-10-06 13:08 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-06 13:07 - 2009-07-14 00:51 - 00063271 _____ C:\Windows\setupact.log
2015-10-05 22:21 - 2012-08-18 19:47 - 00001417 _____ C:\Users\Abi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-05 21:52 - 2014-03-30 11:33 - 00000000 ____D C:\Users\Abi\AppData\Roaming\DesktopIconForAmazon
2015-10-05 18:35 - 2015-07-31 15:11 - 00000000 ____D C:\Program Files\Common Files\AV
2015-10-05 18:31 - 2009-07-13 22:34 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts.20151005-214925.backup
2015-10-05 12:27 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-10-05 06:17 - 2009-07-14 00:45 - 00459216 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-04 22:55 - 2015-04-19 08:20 - 00000626 _____ C:\Users\Abi\AppData\Roaming\qmKnKxZOiKwp192d4S8lxBYl
2015-10-04 21:30 - 2012-04-04 03:23 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-10-04 21:30 - 2012-04-04 03:23 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-10-04 21:27 - 2012-10-21 10:44 - 00000000 ____D C:\Users\Abi\AppData\Local\CrashDumps
2015-10-04 21:25 - 2012-04-04 04:20 - 00000000 ____D C:\Program Files (x86)\Acer
2015-10-04 10:36 - 2015-01-02 17:12 - 00044433 _____ C:\Users\Abi\Documents\Bills 2014 2015.xlsx
2015-10-03 16:19 - 2015-01-03 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Respondus
2015-10-03 16:19 - 2015-01-03 16:13 - 00000000 ____D C:\Program Files (x86)\Respondus LockDown Browser
2015-10-03 16:19 - 2012-04-04 03:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-03 16:19 - 2012-04-04 03:51 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-03 16:19 - 2012-04-04 03:51 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-03 16:10 - 2012-11-25 21:20 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-03 16:10 - 2012-05-28 10:39 - 00003492 _____ C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d
2015-10-01 21:12 - 2013-08-22 18:18 - 00000000 ____D C:\Users\Abi\Documents\Christmas
2015-09-24 14:01 - 2012-09-02 12:25 - 00000000 ____D C:\Users\Abi\AppData\Local\Microsoft Help
2015-09-16 11:14 - 2012-11-25 21:20 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-16 11:14 - 2012-11-25 21:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-13 17:02 - 2012-11-25 14:24 - 00000000 ____D C:\Users\Abi\AppData\Local\Google
2015-09-10 14:40 - 2012-08-18 19:43 - 00113928 _____ C:\Users\Abi\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-09 11:41 - 2012-09-10 18:43 - 00000000 ____D C:\Users\Abi\Documents\School
2015-09-07 16:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-09-07 14:38 - 2012-09-02 12:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-07 14:35 - 2012-04-04 04:10 - 00000000 ____D C:\Windows\ShellNew
2015-09-07 14:35 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-09-07 14:31 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-09-07 14:31 - 2009-07-13 22:34 - 00000510 _____ C:\Windows\win.ini
2015-09-07 14:29 - 2012-05-28 11:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-09-07 14:22 - 2010-11-20 23:47 - 00374284 _____ C:\Windows\PFRO.log
2015-09-07 14:19 - 2012-04-04 04:18 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-09-07 14:17 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-09-07 13:44 - 2012-04-04 03:54 - 00001024 ___RH C:\Users\Public\Documents\NTIMMV9Acer.dll
2015-09-07 13:35 - 2012-04-04 03:56 - 00001024 ___RH C:\Users\Public\Documents\NTILiveUpdateV9.dll
2015-09-07 13:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-07 05:04 - 2014-01-22 22:32 - 00000000 ____D C:\Windows\system32\MRT
2015-09-06 09:47 - 2015-05-04 18:22 - 00000000 ____D C:\Users\Abi\AppData\Local\Windows Live

==================== Files in the root of some directories =======

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Abi\AppData\Roaming\ORGJcze6Wh9asiLsOyqhOX
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Abi\AppData\Roaming\ORGJcze6Wh9asiLsOyqhOX.exe
2015-04-19 08:20 - 2015-10-04 22:55 - 0000626 _____ () C:\Users\Abi\AppData\Roaming\qmKnKxZOiKwp192d4S8lxBYl
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Abi\AppData\Roaming\qmKnKxZOiKwp192d4S8lxBYl.exe
2015-10-06 13:46 - 2015-10-06 13:46 - 0613255 _____ (CMI Limited) C:\Users\Abi\AppData\Local\nsp2B0E.tmp
2015-08-17 13:20 - 2015-08-17 13:20 - 0000851 _____ () C:\Users\Abi\AppData\Local\recently-used.xbel
2012-05-28 10:50 - 2012-05-28 10:53 - 0002454 _____ () C:\ProgramData\clear.fiSDK20.log
2012-05-28 10:51 - 2012-05-28 10:51 - 0000032 _____ () C:\ProgramData\PS.log

Some files in TEMP:
====================
C:\Users\Abi\AppData\Local\Temp\2203.exe
C:\Users\Abi\AppData\Local\Temp\6974.exe
C:\Users\Abi\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2012-04-04 03:23] - [2015-10-04 21:30] - 0357888 ____A (Microsoft Corporation) F5411C5B71CD5077B30987CFC5C91B66

C:\Windows\SysWOW64\dnsapi.dll
[2012-04-04 03:23] - [2015-10-04 21:30] - 0270336 ____A (Microsoft Corporation) BDFB2EE32909A89B551EE92441316294

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-01 13:31

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Abi (2015-10-06 20:48:38)
Running from C:\Users\Abi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-18 23:41:56)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Abi (S-1-5-21-1835340503-273950527-3103715778-1001 - Administrator - Enabled) => C:\Users\Abi
Administrator (S-1-5-21-1835340503-273950527-3103715778-500 - Administrator - Disabled)
Guest (S-1-5-21-1835340503-273950527-3103715778-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1835340503-273950527-3103715778-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1835340503-273950527-3103715778-1001\...\uTorrent) (Version: 3.4.4.40911 - BitTorrent Inc.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2728.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.2728.00 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Instant Update Service (HKLM\...\{682EC6E8-A300-45FD-8F09-0F3A6EA334D6}) (Version: 1.00.3004 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 20.11.1107.1418 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.4.402.287 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.4 - CMI Limited) <==== ATTENTION
AnySend (HKLM-x32\...\ASPackage) (Version: - CMI Limited) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.126 - Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Atheros)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.3.2225 - AVAST Software)
Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaP-1.9cV04.10 (HKLM-x32\...\CinemaP-1.9cV04.10) (Version: 1.36.01.22 - Cinema PlusV04.10) <==== ATTENTION
CinemaPlus-3.2cV04.10 (HKLM-x32\...\CinemaPlus-3.2cV04.10) (Version: 1.36.01.22 - Cinema PlusV04.10) <==== ATTENTION
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.00.3004 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.00.3004 - Acer Incorporated)
clear.fi SDK - MVP 2 (x32 Version: 2.0.1505 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.0.1502 - CyberLink Corp.) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Crossbrowse (HKLM-x32\...\Crossbrowse) (Version: 39.6.2171.95 - The Crossbrowse Authors) <==== ATTENTION
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
DVDFab 9.2.0.2 (10/06/2015) Non-Decryption (HKLM-x32\...\DVDFab 9 NonDecALL_is1) (Version: - Fengtao Software Inc.)
ETDWare PS/2-X64 10.6.9.8_WHQL (HKLM\...\Elantech) (Version: 10.6.9.8 - ELAN Microelectronic Corp.)
Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Feed Notifier 2.6 (HKLM-x32\...\{6091F327-2B13-4193-A6F1-4B2271613A74}_is1) (Version: - Michael Fogleman)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.1.2 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.1.2 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GamesDesktop 026.005010107 (HKLM-x32\...\gmsd_ca_005010107_is1) (Version: - GAMESDESKTOP) <==== ATTENTION
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
jogotempo 3.4 (HKLM-x32\...\jogotempo) (Version: 3.4 - DN)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeyStream (HKLM-x32\...\KeyStream) (Version: - )
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.15 - Acer Inc.)
MakeMKV v1.8.10 (HKLM-x32\...\MakeMKV) (Version: v1.8.10 - GuinpinSoft inc)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MyBrowser 1.0.2V06.10 (HKLM-x32\...\MyBrowser 1.0.2V06.10) (Version: 1.36.01.22 - MyBrowser 1.0.2V06.10)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Noticeboard Renew (HKLM-x32\...\SoftwareUpdater) (Version: 1.0.0.0 - Noticeboard Renew)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9006 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9006 - NTI Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Paradigm Keyboarding (HKLM-x32\...\{07ccd1ce-3d4a-4ec1-a4a2-e08ff97db84c}) (Version: 6.2.12 - Paradigm)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
proical (HKLM-x32\...\{94a7f28f-1a35-490e-8bda-daf7e804e645}) (Version: 1.0.0 - citadex) <==== ATTENTION
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.54.309.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6577 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.27015 - Realtek Semiconductor Corp.)
Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
Respondus LockDown Browser 2 (HKLM-x32\...\{BBC7F69B-7A94-41E9-8A4B-B55A8D06431F}) (Version: 2.00.0000 - Respondus)
Search module (HKLM-x32\...\Search module) (Version: - Goobzo)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - )
shopperz (HKLM\...\{93F8D5C2-0BF6-4315-9316-AA5FC9948AC5}_is1) (Version: 2.0.0.475 - shopperz) <==== ATTENTION
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.9 - SoftBrain Technologies Ltd.) <==== ATTENTION
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SSN (HKU\S-1-5-21-1835340503-273950527-3103715778-1001\...\Save Serp Now) (Version: 1.05 - SSN Corp) <==== ATTENTION
SwiftSearch 1.10.0.25 (HKLM-x32\...\SwiftSearch_1.10.0.25) (Version: 1.10.0.25 - SwiftSearch)
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.2.2 - Tweaking.com)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0419-0000-0000000FF1CE}_Office15.PROPLUS_{60CB2530-FFDB-4506-9B1D-3E82A0D8F55F}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0422-0000-0000000FF1CE}_Office15.PROPLUS_{88ED957B-9B08-4B2A-92C3-225527A6BB48}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{9BBF212C-5BD8-4C8A-B65F-91342D904ED8}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9BBF212C-5BD8-4C8A-B65F-91342D904ED8}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{9BBF212C-5BD8-4C8A-B65F-91342D904ED8}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0419-0000-0000000FF1CE}_Office15.PROPLUS_{9BBF212C-5BD8-4C8A-B65F-91342D904ED8}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0422-0000-0000000FF1CE}_Office15.PROPLUS_{9BBF212C-5BD8-4C8A-B65F-91342D904ED8}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1835340503-273950527-3103715778-1001_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Abi\AppData\Roaming\proical\comanmin.dll () <==== ATTENTION

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-10-05 21:49 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0568B927-97F8-4E63-A3D6-12424505FB86} - System32\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-5_user => C:\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-5.exe [2015-10-04] (Cinema PlusV04.10) <==== ATTENTION
Task: {062F4E0A-EC63-435B-B245-F6F446086ED7} - System32\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-7 => C:\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-7.exe [2015-10-04] (Cinema PlusV04.10) <==== ATTENTION
Task: {0A81DB0A-86CF-45FE-A6D8-4D3F2C8ED9FF} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: {1F7D7EE0-9989-4BAC-9F23-F64E8852D7A5} - System32\Tasks\bvxvexvbg => C:\Users\Abi\AppData\Local\bvxvexvbg\bvxvexvbg.exe [2015-09-21] () <==== ATTENTION
Task: {228BF3CF-98F1-44CA-BC78-50BA21B3C262} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {261C7A06-6327-441E-BF45-76819A4240ED} - System32\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-7 => C:\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-7.exe [2015-10-06] (MyBrowser 1.0.2V06.10) <==== ATTENTION
Task: {2981835A-DE0D-4630-BB66-D5D214EF84A7} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe [2015-10-06] () <==== ATTENTION
Task: {3399F2EA-ECA2-41A9-8A60-C4FD4A96FAEF} - System32\Tasks\54a3041d-99ff-429c-936a-d64130846f89-1-7 => C:\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-1-7.exe [2015-10-04] (Cinema PlusV04.10) <==== ATTENTION
Task: {3E73F48D-810A-4622-8B7F-EF49AD832C7C} - System32\Tasks\qmKnKxZOiKwp192d4S8lxBYl => C:\Users\Abi\AppData\Roaming\qmKnKxZOiKwp192d4S8lxBYl.exe [2015-04-20] () <==== ATTENTION
Task: {46684C09-6A11-4F6A-A0E7-DB3A31730BBE} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {4F96D115-B397-4AB7-9FB2-96BF5C3FF2CD} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink)
Task: {516FE8C3-447D-4660-944B-8DB95DFAD780} - System32\Tasks\54a3041d-99ff-429c-936a-d64130846f89-6 => C:\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-6.exe [2015-10-04] (Cinema PlusV04.10) <==== ATTENTION
Task: {54FCB97E-2F03-44CD-A8B0-BE92EBFD1992} - System32\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-11 => C:\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-11.exe [2015-10-04] (Cinema PlusV04.10) <==== ATTENTION
Task: {5C061765-DDA2-45D9-B39D-DB1FD3222DB7} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-10-06] (AnyProtect.com) <==== ATTENTION
Task: {5D98FF86-CF5E-403D-88A0-E2C52B8438DE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {652A310C-8C03-42C2-BC01-90A4CEAF1C6E} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-10-06] (AnyProtect.com) <==== ATTENTION
Task: {6A4ACB52-9C44-40D6-BC52-54DD49537F16} - System32\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-1-6 => C:\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-1-6.exe [2015-10-04] (Cinema PlusV04.10) <==== ATTENTION
Task: {6B9DF09A-F399-4FA4-AFD4-07335F60F3C6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {71957BC3-0E7B-42B4-B6E8-F9AD6C3E7464} - System32\Tasks\ORGJcze6Wh9asiLsOyqhOX => C:\Users\Abi\AppData\Roaming\ORGJcze6Wh9asiLsOyqhOX.exe [2015-04-20] () <==== ATTENTION
Task: {75DF3501-E6DC-42A1-A00A-189EA483F493} - System32\Tasks\54a3041d-99ff-429c-936a-d64130846f89-7 => C:\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-7.exe [2015-10-04] (Cinema PlusV04.10) <==== ATTENTION
Task: {786257AB-1ACF-4D9E-8467-196505D705F9} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: {833BB259-E9DF-4EC5-AD01-3C52A2DD693B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-14] (AVAST Software)
Task: {85A05D18-A0AE-4DFA-B9CF-3E8067EC21AF} - System32\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-1-7 => C:\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-1-7.exe [2015-10-04] (Cinema PlusV04.10) <==== ATTENTION
Task: {8A3DB2CA-F49F-4299-B5E2-F904AA641562} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {8B76CDE7-8F3D-47D4-93DA-0D13D3A98474} - System32\Tasks\54a3041d-99ff-429c-936a-d64130846f89-11 => C:\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-11.exe [2015-10-04] (Cinema PlusV04.10) <==== ATTENTION
Task: {8B86FC70-581D-42A6-8DAE-8D2CC33AAA50} - System32\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-5_user => C:\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-5.exe [2015-10-06] (MyBrowser 1.0.2V06.10) <==== ATTENTION
Task: {94FF0B3A-9FFF-4517-A30A-8A1E901F1744} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {96C61418-12D0-4B93-A244-135B7D654DAF} - System32\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-1-7 => C:\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-1-7.exe [2015-10-06] (MyBrowser 1.0.2V06.10) <==== ATTENTION
Task: {9929A2DF-2F18-4D57-8E79-086EE9CABCC3} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {9DE221A6-2A7C-4E33-A67F-C84D7FC11DE2} - System32\Tasks\54a3041d-99ff-429c-936a-d64130846f89-5_user => C:\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-5.exe [2015-10-04] (Cinema PlusV04.10) <==== ATTENTION
Task: {A5D5BFC1-764F-435A-81BA-9F2C19E5BDD3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {A6A8B4A1-16A9-4A22-A15A-1C9D9D98DD55} - System32\Tasks\SMW_UpdateTask_Time_313139303630333836352d45372a5a506c41324a345741 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {A6AA2A0A-AC7D-4FC7-BE73-9A1F73B49381} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-08-09] (AVAST Software)
Task: {A6D7E3E5-4795-4788-BBE7-905370F6162C} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe [2015-09-22] (SS)
Task: {B1A33D93-AB6B-424E-BD76-887D2444541F} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-10-06] (AnyProtect.com) <==== ATTENTION
Task: {B2F708ED-5569-4DB5-8A04-D00661307C4B} - System32\Tasks\Delhivv => C:\Program Files\shopperz011020151101\Jewai.bat [2015-10-01] () <==== ATTENTION
Task: {B800BE4F-B4A6-4F0B-8519-8C5272F264FE} - System32\Tasks\54a3041d-99ff-429c-936a-d64130846f89-5 => C:\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-5.exe [2015-10-04] (Cinema PlusV04.10) <==== ATTENTION
Task: {BFFB12DE-2C65-4DF3-A85F-48939B6BEBDB} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {C28D81B6-681A-4EB9-AF69-A25388AAA93C} - System32\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-3 => C:\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-3.exe [2015-10-04] (Cinema PlusV04.10) <==== ATTENTION
Task: {C602CC11-0D91-4BDF-83AB-0EF1DBEADFB0} - System32\Tasks\54a3041d-99ff-429c-936a-d64130846f89-1-6 => C:\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-1-6.exe [2015-10-04] (Cinema PlusV04.10) <==== ATTENTION
Task: {CB1CBFC9-55FC-4CE3-AEF2-3555EF270044} - System32\Tasks\54a3041d-99ff-429c-936a-d64130846f89-3 => C:\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-3.exe [2015-10-04] (Cinema PlusV04.10) <==== ATTENTION
Task: {CC21B690-1935-467F-85E2-3C01F354B46B} - System32\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-5 => C:\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-5.exe [2015-10-04] (Cinema PlusV04.10) <==== ATTENTION
Task: {D1BB3A9F-031C-44BB-B02A-B97087828686} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-03] (Adobe Systems Incorporated)
Task: {D2E681EA-5C42-43DC-BEAA-12B41AF92790} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe [2015-09-22] (SS)
Task: {DA709299-9D01-49DB-AB79-DAB7951E5FA6} - System32\Tasks\Inst_Rep => C:\Users\Abi\AppData\Local\Installer\Install_30959\brakietut_tutbl_setup.exe [2015-10-04] ()
Task: {DC83EA6A-ADAA-42B0-8951-F1C723DF2B43} - System32\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-3 => C:\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-3.exe [2015-10-06] (MyBrowser 1.0.2V06.10) <==== ATTENTION
Task: {E2ABDB3E-F2EC-48B3-A27C-61D611129605} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {E9326D63-CB15-46AF-AA82-5C3F0A89330A} - System32\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-10_user => C:\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-10.exe [2015-10-06] (MyBrowser 1.0.2V06.10) <==== ATTENTION
Task: {E996977D-816E-4E08-9381-076FAB763156} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {EBEDE228-8DCE-40FB-A5D7-021967AC76D1} - System32\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-5 => C:\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-5.exe [2015-10-06] (MyBrowser 1.0.2V06.10) <==== ATTENTION
Task: {EE2AF5C6-1468-4C9A-8549-1C7B5E01AFB4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {EF010618-947F-4F0B-9DCF-DF05ADFEC634} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {F2569539-3DA6-456C-9BF5-ED2AB7E1547E} - System32\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-6 => C:\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-6.exe [2015-10-06] (MyBrowser 1.0.2V06.10) <==== ATTENTION
Task: {FA0FAAED-6233-47E6-8046-A9F90A421B77} - System32\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-6 => C:\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-6.exe [2015-10-04] (Cinema PlusV04.10) <==== ATTENTION
Task: {FBEE81D9-B7B2-46A6-9680-271B6C389E2C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {FCB5455C-08DF-4A19-A083-30CDB5A58517} - System32\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-1-6 => C:\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-1-6.exe [2015-10-06] (MyBrowser 1.0.2V06.10) <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-1-6.job => C:\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-1-7.job => C:\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-10_user.job => C:\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-11.job => C:\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-3.job => C:\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-5.job => C:\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-5_user.job => C:\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-6.job => C:\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\1a6a8721-b58e-429f-80a4-bb17deea77ff-7.job => C:\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\54a3041d-99ff-429c-936a-d64130846f89-1-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\54a3041d-99ff-429c-936a-d64130846f89-1-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\54a3041d-99ff-429c-936a-d64130846f89-10_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\54a3041d-99ff-429c-936a-d64130846f89-11.job => C:\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\54a3041d-99ff-429c-936a-d64130846f89-3.job => C:\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\54a3041d-99ff-429c-936a-d64130846f89-5.job => C:\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\54a3041d-99ff-429c-936a-d64130846f89-5_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\54a3041d-99ff-429c-936a-d64130846f89-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\54a3041d-99ff-429c-936a-d64130846f89-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Crossbrowse.job => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: C:\Windows\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-1-6.job => C:\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-1-7.job => C:\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-10_user.job => C:\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-3.job => C:\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-5.job => C:\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-5_user.job => C:\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-6.job => C:\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\efbdfbf3-aa47-462e-b912-1c138b57c7c5-7.job => C:\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ORGJcze6Wh9asiLsOyqhOX.job => C:\Users\Abi\AppData\Roaming\ORGJcze6Wh9asiLsOyqhOX.exe <==== ATTENTION
Task: C:\Windows\Tasks\qmKnKxZOiKwp192d4S8lxBYl.job => C:\Users\Abi\AppData\Roaming\qmKnKxZOiKwp192d4S8lxBYl.exe <==== ATTENTION
Task: C:\Windows\Tasks\yxnb.job => C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\tsmfh.dll

==================== Loaded Modules (Whitelisted) ==============

2012-10-01 20:36 - 2012-10-01 20:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2009-01-21 19:45 - 2009-01-21 19:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2015-09-30 11:57 - 2015-10-04 21:19 - 00161280 _____ () C:\Users\Abi\AppData\Roaming\proical\comanmin.dll
2015-10-04 21:20 - 2015-10-04 21:20 - 00203776 _____ () C:\Program Files (x86)\A0FEA676-1444007998-E111-9F63-E98E551D30CD\hnsfFB53.tmp
2012-05-28 11:08 - 2012-03-26 21:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-05-28 10:39 - 2012-03-16 07:48 - 00127320 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2015-10-04 21:30 - 2015-07-08 21:26 - 00173088 _____ () C:\Users\Abi\AppData\Roaming\NetService\netservice.exe
2015-10-04 21:30 - 2015-10-01 11:05 - 00171200 _____ () C:\Program Files\shopperz011020151101\Vubficvh.exe
2012-04-06 23:29 - 2012-04-06 23:29 - 00040552 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2012-04-06 23:29 - 2012-04-06 23:29 - 00022120 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2015-10-01 04:03 - 2015-10-01 04:03 - 02024808 _____ () C:\Program Files\shopperz011020151101\Kixjucfio.exe
2015-10-04 21:30 - 2015-10-01 11:05 - 01444544 _____ () C:\Program Files\shopperz011020151101\csrcc.exe
2015-10-06 13:45 - 2015-10-05 09:49 - 03300496 _____ () C:\Users\Abi\AppData\Local\gmsd_ca_005010107\upgmsd_ca_005010107.exe
2015-10-06 13:45 - 2015-10-05 09:49 - 03976336 _____ () C:\Program Files (x86)\gmsd_ca_005010107\gmsd_ca_005010107.exe
2015-10-06 13:46 - 2015-10-06 13:46 - 00228674 _____ () C:\Users\Abi\AppData\Local\Temp\nso9DF5.tmp
2015-10-06 14:20 - 2015-10-06 14:20 - 00396288 _____ () C:\Program Files (x86)\A0FEA676-1444007998-E111-9F63-E98E551D30CD\knsqCB46.tmp
2014-11-21 08:53 - 2014-11-21 08:53 - 00033792 _____ () C:\Users\Abi\AppData\Roaming\ssn\ssn.exe
2011-12-23 13:24 - 2011-12-23 13:24 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
2015-08-14 13:47 - 2015-08-14 13:47 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-14 13:47 - 2015-08-14 13:47 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-10-05 17:14 - 2015-10-05 17:14 - 02966528 _____ () C:\Program Files\AVAST Software\Avast\defs\15100501\algo.dll
2015-10-06 15:14 - 2015-10-06 15:14 - 02967040 _____ () C:\Program Files\AVAST Software\Avast\defs\15100601\algo.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-05 17:22 - 2012-01-05 17:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-01-05 17:22 - 2012-01-05 17:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-01-05 17:22 - 2012-01-05 17:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2015-10-05 18:23 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-10-05 18:23 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-10-05 18:23 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-10-05 18:23 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-10-05 18:23 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-08-14 13:47 - 2015-08-14 13:47 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-09-30 11:57 - 2015-10-04 21:19 - 00134656 _____ () C:\Users\Abi\AppData\Roaming\proical\daycol.dll
2012-05-28 10:38 - 2012-03-07 10:27 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-10-06 13:44 - 2015-05-12 07:01 - 01070592 _____ () C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\libglesv2.dll
2015-10-06 13:44 - 2015-05-12 07:01 - 00204800 _____ () C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\libegl.dll
2015-10-06 13:44 - 2015-05-12 07:01 - 09003008 _____ () C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\pdf.dll
2015-10-06 13:44 - 2015-05-12 07:01 - 00896512 _____ () C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\ffmpegsumo.dll
2015-10-06 13:46 - 2015-10-06 13:46 - 00011264 _____ () C:\Users\Abi\AppData\Local\Temp\nsuAA25.tmp\System.dll
2015-10-06 13:46 - 2015-10-06 13:46 - 00009728 _____ () C:\Users\Abi\AppData\Local\Temp\nsuAA25.tmp\nsDialogs.dll
2015-10-06 13:46 - 2015-10-06 13:46 - 00025088 _____ () C:\Users\Abi\AppData\Local\Temp\nsuAA25.tmp\registry.dll
2015-10-06 13:46 - 2015-10-06 13:46 - 00067584 _____ () C:\Users\Abi\AppData\Local\Temp\nsuAA25.tmp\Math.dll
2015-10-06 13:46 - 2015-10-06 13:46 - 00058368 _____ () C:\Users\Abi\AppData\Local\Temp\nsuAA25.tmp\nsCBHTML5.dll
2014-04-21 16:00 - 2014-04-21 16:00 - 03378688 _____ () C:\Users\Abi\AppData\Roaming\ssn\mozjs.dll
2011-08-15 23:12 - 2011-08-15 23:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2011-08-17 19:48 - 2011-08-17 19:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2011-08-15 23:15 - 2011-08-15 23:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 19:48 - 2011-08-17 19:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 22:23 - 2011-08-15 22:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2011-11-25 16:24 - 2011-11-25 16:24 - 00071680 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ServiceManagerStarter.dll
2011-08-15 23:12 - 2011-08-15 23:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-17 19:41 - 2011-08-17 19:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2011-11-25 16:29 - 2011-11-25 16:29 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2011-11-25 16:28 - 2011-11-25 16:28 - 00484352 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2011-11-25 16:42 - 2011-11-25 16:42 - 00499976 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2011-11-25 16:26 - 2011-11-25 16:26 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2011-07-19 19:05 - 2011-07-19 19:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
2011-07-19 19:04 - 2011-07-19 19:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll
2011-08-15 23:17 - 2011-08-15 23:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Abi\Desktop\AbiTax.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Abi\Desktop\AbiTax.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Abi\Desktop\babyscan.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Abi\Desktop\babyscan.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Abi\Desktop\matrrsp.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Abi\Desktop\matrrsp.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Abi\Desktop\mattax.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Abi\Desktop\mattax.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Abi\Desktop\member change form.png:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Abi\Desktop\member change form.png:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Abi\Desktop\midwife notes 1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Abi\Desktop\midwife notes 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Abi\Desktop\midwife notes 2.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Abi\Desktop\midwife notes 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Abi\Documents\health card insurance.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Abi\Documents\health card insurance.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Abi\Documents\health card supplemental.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Abi\Documents\health card supplemental.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Abi\Documents\meditech registration.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Abi\Documents\meditech registration.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Kixjucfio => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7866 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1835340503-273950527-3103715778-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Abi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 82.163.143.162 - 82.163.142.164
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8FD873D8-2066-4145-A6EA-3E5CA9999762}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{C16BCB7B-1797-4D27-AE2F-CCA5D9973D88}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{0AB6A935-09EA-411C-A307-9A77E2412E29}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A379F547-BF8A-4B78-B1EC-8A3EC6B9E70B}] => (Allow) LPort=2869
FirewallRules: [{F1811CB8-11D7-4EBD-981A-B31337573DA4}] => (Allow) LPort=1900
FirewallRules: [{4262453D-0716-4ACD-8F19-DB26807F9B27}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E166EA75-29F0-4D0C-BDCD-8F78CC6393A4}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{ADC0B634-7E7B-4D52-BBE1-9CA84E4CC298}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{16A286E4-E4A8-476D-AB0A-2549B1340571}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{1E125A22-3769-4B8C-B674-81D0A8D13701}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{8E2439BF-BD93-4B7F-A36E-D24DF0967F7D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{B3BFE238-4A39-4983-A3DA-A92FF52D2C9F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{EC564DF5-7E41-4E99-A174-CC6C9FCABE40}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{E6111690-229E-4C49-9DFF-AFF589063362}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{212A54F7-9BEF-4AA8-8E94-D6222C51EA20}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{832240CA-6103-4E8D-A264-8B1A74F61D93}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{03BE1C9E-8F6C-4E6E-B108-FE25A907A4E5}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK20\Movie\PlayMovie.exe
FirewallRules: [{6504793A-A869-45C7-B9C5-DA1B951CF00D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK20\MVP\VideoPlayer.exe
FirewallRules: [{5500A754-C22F-4049-A0F9-664EEBB43E46}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK20\MVP\MusicPlayer.exe
FirewallRules: [{2A9DB574-E321-4CC3-97A0-ECB30BA8147D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{05EFD2AA-1D64-4CAA-9006-D3BF26FF778E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2EF53DD5-23A8-4F72-A4C0-E1CAAD27B2DC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3B3908AB-6BF2-4529-A028-C3C2041E8477}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BAE36271-63B2-4DFF-86B7-68D39AD241C7}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{3D73F9BA-CF8E-4551-AABC-585D7F817F8D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{F79E4460-7D5A-4370-9A64-CEE010DE6206}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{BF322E37-E5EA-436C-AF36-3A4595BC678B}] => (Allow) C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B852340F-1685-4D2E-9906-F55B0506E5DD}] => (Allow) C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2E732776-CA4E-498C-B962-DFAC8A1FB5FE}] => (Allow) C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7EAF9ED6-AB60-4A55-9578-00BAA4BCEE81}] => (Allow) C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{24194B42-340B-4CB1-94F5-8CF7C00AEFD5}] => (Allow) C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E415A74A-8EE5-473A-A76A-EAA4E3AC9238}] => (Allow) C:\Users\Abi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5345F8CB-3DC8-46BC-A9E6-FF71B206AAB3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{BEC52C7D-31D9-4044-8AC0-7E744DBF1EAE}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{B7D33C18-3B0F-4D31-8AF9-C270099EDBBE}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{26DF8587-01A5-4261-A680-9C0035D948B2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B68C9BEC-795E-4989-8669-F3E5A2DB4FB1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DE04AFED-2CAF-4DC9-906B-2966B4B80132}] => (Allow) C:\Users\Abi\AppData\Roaming\SSN\ssn.exe
FirewallRules: [{873699D0-7464-4AE3-A3A3-3E5CED42977F}] => (Allow) C:\Users\Abi\AppData\Roaming\SSN\updssn.exe
FirewallRules: [{B9F1B326-EA08-4FE0-BF88-671B5C9AADAE}] => (Allow) C:\Users\Abi\AppData\Local\BrowserAir\Application\BrowserAir.exe
FirewallRules: [{E096DB31-FD1B-4FA8-8A6C-5A6B4211721F}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/06/2015 08:38:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17692541

Error: (10/06/2015 08:38:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17692541

Error: (10/06/2015 08:38:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/06/2015 03:43:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1279

Error: (10/06/2015 03:43:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1279

Error: (10/06/2015 03:43:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/06/2015 03:38:44 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (10/06/2015 02:35:47 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (10/06/2015 01:45:58 PM) (Source: MsiInstaller) (EventID: 11316) (User: Abi-Laptop)
Description: Product: globalupdate Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi

Error: (10/05/2015 10:34:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 6.14.0.104 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 130

Start Time: 01d0ffdde0d220e1

Termination Time: 0

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report Id:

System errors:
=============
Error: (10/06/2015 08:44:38 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (10/06/2015 08:44:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (10/06/2015 08:44:36 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (10/06/2015 08:40:11 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (10/06/2015 01:09:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (10/06/2015 01:09:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (10/05/2015 10:45:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/05/2015 10:45:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/05/2015 10:45:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/05/2015 10:45:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2367M CPU @ 1.40GHz
Percentage of memory in use: 66%
Total physical RAM: 5937.6 MB
Available physical RAM: 1996.82 MB
Total Virtual: 11873.39 MB
Available Virtual: 7425.08 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:449.06 GB) (Free:247.12 GB) NTFS
Drive e: (KINGSTON) (Removable) (Total:14.53 GB) (Free:8.56 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2B273B16)
Partition 1: (Not Active) - (Size=16.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.5 GB) - (Type=0C)

==================== End of Addition.txt ============================

Satchfan

2015-10-07, 14:09

Hello JohnSnow and welcome to the Safer Networking Forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

please follow all instructions in the order posted
please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
if you don't understand something, please don't hesitate to ask for clarification before proceeding
the fixes are specific to your problem and should only be used for this issue on this machine.
please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

I am looking at your logs now and will reply with instructions shortly.

Satchfan

Satchfan

2015-10-07, 14:40

Hello again John

You have a lot going on with this computer and a lot to clean so let’s get going.

P2P - I see you have P2P software, (uTorrent), installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

If your computer is infected, it almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

P2P File Sharing Risks (http://www.onguardonline.gov/p2p).

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

Should you decide to keep it, please don’t use it until we have finished up here.

===================================================

Uninstall programs

Please uninstall these programs:

AnyProtect
AnySend
CinemaP-1.9cV04.10
CinemaPlus-3.2cV04.10
Crossbrowse
CyberLink MediaEspresso
GamesDesktop 026.005010107
MyBrowser 1.0.2V06.10
Proical
Search module
Setup
Shopperz
SmartWeb
SSN
SwiftSearch

click Start, Control Panel, Programs and Features
click on AnyProtect and then Uninstall
repeat this for the other programs listed above.

If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here (https://toolslib.net/downloads/finish/1/) and save it to your desktop.

run AdwCleaner
when it has finished, select Clean
if it asks to reboot, allow the reboot
on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

shut down your protection software now to avoid potential conflicts.
run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
the tool will open and start scanning your system
please be patient as this can take a while to complete depending on your system's specifications
on completion, a log (JRT.txt) is saved to your desktop and will automatically open
post the contents of JRT.txt into your next message.

===================================================

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.

Download RogueKiller (http://www.bleepingcomputer.com/download/roguekiller/dl/121/) to your desktop

close all running programs
for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
when the pre-scan is finished, click on Scan
click on Report and copy/paste the content in your next post
NOTE: DO NOT attempt to remove anything that the scan detects –everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

Logs to include with next post:

AdwCleaner log
JRT.txt
RKreport.txt

Thanks

Satchfan

JohnSnow

2015-10-08, 04:18

requested logs posted below. Thanks for your help.

# AdwCleaner v5.011 - Logfile created 07/10/2015 at 20:34:39
# Updated 07/10/2015 by Xplode
# Database : 2015-10-07.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Abi - Abi-Laptop
# Running from : C:\Users\Abi\Desktop\adwcleaner_5.011.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : cherimoya
[-] Service Deleted : bigosucu
[-] Service Deleted : gyvixodu
[-] Service Deleted : swsedrvr_vt_1_10_0_25
[-] Service Deleted : Kixjucfio

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\shopperz011020151101
[-] Folder Deleted : C:\Program Files (x86)\globalUpdate
[-] Folder Deleted : C:\Program Files (x86)\SearchProtect
[-] Folder Deleted : C:\Program Files (x86)\A0FEA676-1444007998-E111-9F63-E98E551D30CD
[-] Folder Deleted : C:\Program Files (x86)\SwiftSearch_1.10.0.25
[-] Folder Deleted : C:\Program Files (x86)\CinemaP-1.9cV04.10
[-] Folder Deleted : C:\Program Files (x86)\CinemaPlus-3.2cV04.10
[-] Folder Deleted : C:\Program Files (x86)\MyBrowser 1.0.2V06.10
[-] Folder Deleted : C:\Program Files (x86)\gmsd_ca_005010107
[-] Folder Deleted : C:\Program Files\Common Files\Goobzo
[-] Folder Deleted : C:\ProgramData\SearchModule
[-] Folder Deleted : C:\ProgramData\12db864551ae4c578eb17db1a9f5d3cf
[-] Folder Deleted : C:\ProgramData\Service0561
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
[-] Folder Deleted : C:\Users\Abi\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\Abi\AppData\Local\SearchProtect
[-] Folder Deleted : C:\Users\Abi\AppData\Local\SmartWeb
[-] Folder Deleted : C:\Users\Abi\AppData\Local\DeskBar
[-] Folder Deleted : C:\Users\Abi\AppData\Local\BrowserAir
[-] Folder Deleted : C:\Users\Abi\AppData\Local\bvxvexvbg
[-] Folder Deleted : C:\Users\Abi\AppData\Local\gmsd_ca_005010107
[-] Folder Deleted : C:\Users\Abi\AppData\Local\A0FEA676-1443993646-E111-9F63-E98E551D30CD
[-] Folder Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh
[-] Folder Deleted : C:\Users\Abi\AppData\LocalLow\SmartWeb
[-] Folder Deleted : C:\Users\Abi\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Folder Deleted : C:\Users\Abi\AppData\Roaming\AnyProtectEx
[-] Folder Deleted : C:\Users\Abi\AppData\Roaming\DesktopIconForAmazon
[-] Folder Deleted : C:\Users\Abi\AppData\Roaming\ASPackage
[-] Folder Deleted : C:\Users\Abi\AppData\Roaming\SSN
[-] Folder Deleted : C:\Users\Abi\AppData\Roaming\ortmp
[-] Folder Deleted : C:\Users\Abi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
[-] Folder Deleted : C:\Users\Abi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir

***** [ Files ] *****

[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0.localstorage
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0.localstorage-journal
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\papbadoldddalgcjcicnikcfenodpghp
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0.localstorage
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0.localstorage-journal
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkadffjmnaiokkdncgdlecdegajoiemi
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gegdfeiahlfolhcfioipjlkombmgbakh_0.localstorage
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gegdfeiahlfolhcfioipjlkombmgbakh_0.localstorage-journal
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_gegdfeiahlfolhcfioipjlkombmgbakh_0
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gegdfeiahlfolhcfioipjlkombmgbakh
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage-journal
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www-searching.com_0.localstorage
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www-searching.com_0.localstorage-journal
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage-journal
[-] File Deleted : C:\Users\Abi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk
[-] File Deleted : C:\Users\Abi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BrowserAir.lnk
[-] File Deleted : C:\Users\Abi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Goodgame Empire.lnk
[-] File Deleted : C:\Users\Abi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\BrowserAir.lnk
[-] File Deleted : C:\Users\Abi\Desktop\BrowserAir.lnk
[-] File Deleted : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
[-] File Deleted : C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
[-] File Deleted : C:\Windows\SysNative\drivers\swsedrvr_vt_1_10_0_25.sys
[-] File Deleted : C:\Windows\SysNative\drivers\swsedrvr_vw_1_10_0_25.sys
[-] File Deleted : C:\Windows\SysWOW64\Kixjucfio.dll

***** [ DLLs ] *****

[-] File Disinfected : C:\Windows\SysNative\dnsapi.dll
[-] File Disinfected : C:\Windows\SysWOW64\dnsapi.dll

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : APSnotifierPP1
[-] Task Deleted : APSnotifierPP2
[-] Task Deleted : APSnotifierPP3
[-] Task Deleted : globalUpdateUpdateTaskMachineCore
[-] Task Deleted : globalUpdateUpdateTaskMachineUA
[-] Task Deleted : Inst_Rep
[-] Task Deleted : bvxvexvbg
[-] Task Deleted : SwiftSearch Auto Updater 1.10.0.25 Core
[-] Task Deleted : SwiftSearch Auto Updater 1.10.0.25 Pending Update
[-] Task Deleted : 1a6a8721-b58e-429f-80a4-bb17deea77ff-1-6
[-] Task Deleted : 1a6a8721-b58e-429f-80a4-bb17deea77ff-1-7
[-] Task Deleted : 1a6a8721-b58e-429f-80a4-bb17deea77ff-10_user
[-] Task Deleted : 1a6a8721-b58e-429f-80a4-bb17deea77ff-11
[-] Task Deleted : 1a6a8721-b58e-429f-80a4-bb17deea77ff-3
[-] Task Deleted : 1a6a8721-b58e-429f-80a4-bb17deea77ff-5
[-] Task Deleted : 1a6a8721-b58e-429f-80a4-bb17deea77ff-5_user
[-] Task Deleted : 1a6a8721-b58e-429f-80a4-bb17deea77ff-6
[-] Task Deleted : 1a6a8721-b58e-429f-80a4-bb17deea77ff-7
[-] Task Deleted : 54a3041d-99ff-429c-936a-d64130846f89-1-6
[-] Task Deleted : 54a3041d-99ff-429c-936a-d64130846f89-1-7
[-] Task Deleted : 54a3041d-99ff-429c-936a-d64130846f89-10_user
[-] Task Deleted : 54a3041d-99ff-429c-936a-d64130846f89-11
[-] Task Deleted : 54a3041d-99ff-429c-936a-d64130846f89-3
[-] Task Deleted : 54a3041d-99ff-429c-936a-d64130846f89-5
[-] Task Deleted : 54a3041d-99ff-429c-936a-d64130846f89-5_user
[-] Task Deleted : 54a3041d-99ff-429c-936a-d64130846f89-6
[-] Task Deleted : 54a3041d-99ff-429c-936a-d64130846f89-7
[-] Task Deleted : efbdfbf3-aa47-462e-b912-1c138b57c7c5-1-6
[-] Task Deleted : efbdfbf3-aa47-462e-b912-1c138b57c7c5-1-7
[-] Task Deleted : efbdfbf3-aa47-462e-b912-1c138b57c7c5-10_user
[-] Task Deleted : efbdfbf3-aa47-462e-b912-1c138b57c7c5-3
[-] Task Deleted : efbdfbf3-aa47-462e-b912-1c138b57c7c5-5
[-] Task Deleted : efbdfbf3-aa47-462e-b912-1c138b57c7c5-5_user
[-] Task Deleted : efbdfbf3-aa47-462e-b912-1c138b57c7c5-6
[-] Task Deleted : efbdfbf3-aa47-462e-b912-1c138b57c7c5-7
[-] Task Deleted : 1a6a8721-b58e-429f-80a4-bb17deea77ff-1-6
[-] Task Deleted : 1a6a8721-b58e-429f-80a4-bb17deea77ff-1-7
[-] Task Deleted : 1a6a8721-b58e-429f-80a4-bb17deea77ff-11
[-] Task Deleted : 1a6a8721-b58e-429f-80a4-bb17deea77ff-3
[-] Task Deleted : 1a6a8721-b58e-429f-80a4-bb17deea77ff-5
[-] Task Deleted : 1a6a8721-b58e-429f-80a4-bb17deea77ff-5_user
[-] Task Deleted : 1a6a8721-b58e-429f-80a4-bb17deea77ff-6
[-] Task Deleted : 1a6a8721-b58e-429f-80a4-bb17deea77ff-7
[-] Task Deleted : 54a3041d-99ff-429c-936a-d64130846f89-1-6
[-] Task Deleted : 54a3041d-99ff-429c-936a-d64130846f89-1-7
[-] Task Deleted : 54a3041d-99ff-429c-936a-d64130846f89-11
[-] Task Deleted : 54a3041d-99ff-429c-936a-d64130846f89-3
[-] Task Deleted : 54a3041d-99ff-429c-936a-d64130846f89-5
[-] Task Deleted : 54a3041d-99ff-429c-936a-d64130846f89-5_user
[-] Task Deleted : 54a3041d-99ff-429c-936a-d64130846f89-6
[-] Task Deleted : 54a3041d-99ff-429c-936a-d64130846f89-7
[-] Task Deleted : efbdfbf3-aa47-462e-b912-1c138b57c7c5-1-6
[-] Task Deleted : efbdfbf3-aa47-462e-b912-1c138b57c7c5-1-7
[-] Task Deleted : efbdfbf3-aa47-462e-b912-1c138b57c7c5-3
[-] Task Deleted : efbdfbf3-aa47-462e-b912-1c138b57c7c5-5
[-] Task Deleted : efbdfbf3-aa47-462e-b912-1c138b57c7c5-5_user
[-] Task Deleted : efbdfbf3-aa47-462e-b912-1c138b57c7c5-6
[-] Task Deleted : efbdfbf3-aa47-462e-b912-1c138b57c7c5-7
[-] Task Deleted : SMW_UpdateTask_Time_313139303630333836352d45372a5a506c41324a345741
[-] Task Deleted : globalUpdateUpdateTaskMachineCore
[-] Task Deleted : globalUpdateUpdateTaskMachineUA

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\globalupdate.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\smu.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\BrowserAir.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\BrowserAir.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mbot_ca_014010106]
[-] Key Deleted : HKLM\SOFTWARE\a690a876-c5b2-4e85-bfa0-e8f63b97d804
[-] Key Deleted : HKLM\SOFTWARE\b35d9475-1079-47e9-b589-74ee7bd164bf
[-] Key Deleted : HKLM\SOFTWARE\fde14152-ef36-4e91-992b-abb2ca12e38b
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1478E71F-577C-4F90-8289-864775A91E66}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{689960B3-2BC4-478F-8F66-9B0EB5BC2FC8}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{87351D3C-AFFF-419C-85E7-C728C6A4E459}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2FFCAE8-21D4-4D36-845F-FD7F4F615D5C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDDE1B0A-D7CF-4F3F-8D42-BCFF4ED53AE6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{124CA0BE-F86B-4C53-8FFB-EEF058D2AE47}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9A6E2FF5-3587-48A7-8C13-D3B1FD71D7AC}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
[-] Key Deleted : HKU\.DEFAULT\Software\CinemaP-1.9cV04.10-nv
[-] Key Deleted : HKU\.DEFAULT\Software\CinemaP-1.9cV04.10-nv-ie
[-] Key Deleted : HKU\.DEFAULT\Software\CinemaPlus-3.2cV04.10-nv
[-] Key Deleted : HKU\.DEFAULT\Software\CinemaPlus-3.2cV04.10-nv-ie
[-] Key Deleted : HKU\.DEFAULT\Software\MyBrowser 1.0.2V06.10-nv
[-] Key Deleted : HKU\.DEFAULT\Software\MyBrowser 1.0.2V06.10-nv-ie
[-] Key Deleted : HKU\.DEFAULT\Software\{5E3806DC-5791-452A-8A9E-134943F12304}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKCU\Software\AnyProtect
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\MyBestOffersToday
[-] Key Deleted : HKCU\Software\OCS
[-] Key Deleted : HKCU\Software\SearchProtect
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKCU\Software\Crossbrowse
[-] Key Deleted : HKCU\Software\YorkNewCin
[-] Key Deleted : HKCU\Software\HighDefAction
[-] Key Deleted : HKCU\Software\ArenaHD
[-] Key Deleted : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\DeskBar
[-] Key Deleted : HKCU\Software\CinemaP-1.9cV04.10
[-] Key Deleted : HKCU\Software\CinemaP-1.9cV04.10-nv
[-] Key Deleted : HKCU\Software\CinemaP-1.9cV04.10-nv-ie
[-] Key Deleted : HKCU\Software\CinemaPlus-3.2cV04.10
[-] Key Deleted : HKCU\Software\CinemaPlus-3.2cV04.10-nv
[-] Key Deleted : HKCU\Software\CinemaPlus-3.2cV04.10-nv-ie
[-] Key Deleted : HKCU\Software\MyBrowser 1.0.2V06.10
[-] Key Deleted : HKCU\Software\MyBrowser 1.0.2V06.10-nv
[-] Key Deleted : HKCU\Software\MyBrowser 1.0.2V06.10-nv-ie
[-] Key Deleted : HKCU\Software\{5E3806DC-5791-452A-8A9E-134943F12304}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
[-] Key Deleted : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKLM\SOFTWARE\SearchProtect
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
[-] Key Deleted : HKLM\SOFTWARE\SPPDCOM
[-] Key Deleted : HKLM\SOFTWARE\SearchModule
[-] Key Deleted : HKLM\SOFTWARE\Crossbrowse
[-] Key Deleted : HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : HKLM\SOFTWARE\ArenaHD
[-] Key Deleted : HKLM\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKLM\SOFTWARE\SwiftSearch_1.10.0.25
[-] Key Deleted : HKLM\SOFTWARE\CinemaP-1.9cV04.10
[-] Key Deleted : HKLM\SOFTWARE\CinemaP-1.9cV04.10-nv
[-] Key Deleted : HKLM\SOFTWARE\CinemaP-1.9cV04.10-nv-ie
[-] Key Deleted : HKLM\SOFTWARE\CinemaPlus-3.2cV04.10
[-] Key Deleted : HKLM\SOFTWARE\CinemaPlus-3.2cV04.10-nv
[-] Key Deleted : HKLM\SOFTWARE\CinemaPlus-3.2cV04.10-nv-ie
[-] Key Deleted : HKLM\SOFTWARE\MyBrowser 1.0.2V06.10
[-] Key Deleted : HKLM\SOFTWARE\MyBrowser 1.0.2V06.10-nv
[-] Key Deleted : HKLM\SOFTWARE\MyBrowser 1.0.2V06.10-nv-ie
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CinemaP-1.9cV04.10
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CinemaPlus-3.2cV04.10
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyBrowser 1.0.2V06.10
[!] Key Not Deleted : [x64] HKCU\Software\AnyProtect
[!] Key Not Deleted : [x64] HKCU\Software\GlobalUpdate
[!] Key Not Deleted : [x64] HKCU\Software\InstalledBrowserExtensions
[!] Key Not Deleted : [x64] HKCU\Software\MyBestOffersToday
[!] Key Not Deleted : [x64] HKCU\Software\OCS
[!] Key Not Deleted : [x64] HKCU\Software\SearchProtect
[!] Key Not Deleted : [x64] HKCU\Software\Tutorials
[!] Key Not Deleted : [x64] HKCU\Software\TutoTag
[!] Key Not Deleted : [x64] HKCU\Software\Crossbrowse
[!] Key Not Deleted : [x64] HKCU\Software\YorkNewCin
[!] Key Not Deleted : [x64] HKCU\Software\HighDefAction
[!] Key Not Deleted : [x64] HKCU\Software\ArenaHD
[!] Key Not Deleted : [x64] HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[!] Key Not Deleted : [x64] HKCU\Software\DAILYPCCLEAN
[!] Key Not Deleted : [x64] HKCU\Software\DeskBar
[!] Key Not Deleted : [x64] HKCU\Software\CinemaP-1.9cV04.10
[!] Key Not Deleted : [x64] HKCU\Software\CinemaP-1.9cV04.10-nv
[!] Key Not Deleted : [x64] HKCU\Software\CinemaP-1.9cV04.10-nv-ie
[!] Key Not Deleted : [x64] HKCU\Software\CinemaPlus-3.2cV04.10
[!] Key Not Deleted : [x64] HKCU\Software\CinemaPlus-3.2cV04.10-nv
[!] Key Not Deleted : [x64] HKCU\Software\CinemaPlus-3.2cV04.10-nv-ie
[!] Key Not Deleted : [x64] HKCU\Software\MyBrowser 1.0.2V06.10
[!] Key Not Deleted : [x64] HKCU\Software\MyBrowser 1.0.2V06.10-nv
[!] Key Not Deleted : [x64] HKCU\Software\MyBrowser 1.0.2V06.10-nv-ie
[!] Key Not Deleted : [x64] HKCU\Software\{5E3806DC-5791-452A-8A9E-134943F12304}
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : [x64] HKLM\SOFTWARE\SearchModule
[-] Key Deleted : [x64] HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : [x64] HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : [x64] HKLM\SOFTWARE\ArenaHD
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[!] Key Not Deleted : HKU\S-1-5-21-1835340503-273950527-3103715778-1001\Software\AppDataLow\Software\Crossrider
[!] Key Not Deleted : HKU\S-1-5-21-1835340503-273950527-3103715778-1001\Software\AppDataLow\Software\SmartWeb
[!] Key Not Deleted : HKU\S-1-5-21-1835340503-273950527-3103715778-1001\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4F1251B0-ED36-4A53-B1D8-0700B350C9B6}
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4F1251B0-ED36-4A53-B1D8-0700B350C9B6}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}
[!] Key Not Deleted : HKU\S-1-5-21-1835340503-273950527-3103715778-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[!] Key Not Deleted : HKU\S-1-5-21-1835340503-273950527-3103715778-1001\Software\Microsoft\Internet Explorer\SearchScopes\{4F1251B0-ED36-4A53-B1D8-0700B350C9B6}
[!] Key Not Deleted : HKU\S-1-5-21-1835340503-273950527-3103715778-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}

***** [ Web browsers ] *****

[-] [C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M9949BBB5-612F-46C6-AB70-1CB1982CDBD9&SearchSource=55&CUI=&UM=8&UP=SPA5B516FC-0DD9-40D3-9CAD-07D1BA184ADB&D=100415&SSPV=
[-] [C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : gegdfeiahlfolhcfioipjlkombmgbakh

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [31131 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by Abi on 07/10/2015 at 20:46:30.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully deleted: [Service] cltmngsvc [Reboot required]

~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\EgisUpdate
Successfully deleted: [Task] C:\Windows\Tasks\ORGJcze6Wh9asiLsOyqhOX.job
Successfully deleted: [Task] C:\Windows\Tasks\qmKnKxZOiKwp192d4S8lxBYl.job

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\BrowserAir.AMC7FAXV7DE7K32PY2W75AC2QA

~~~ Files

Successfully deleted: [File] C:\Users\Abi\Appdata\Local\nsp2B0E.tmp
Successfully deleted: [File] C:\Users\Abi\AppData\Roaming\ORGJcze6Wh9asiLsOyqhOX
Successfully deleted: [File] C:\Users\Abi\AppData\Roaming\ORGJcze6Wh9asiLsOyqhOX.exe
Successfully deleted: [File] C:\Users\Abi\AppData\Roaming\qmKnKxZOiKwp192d4S8lxBYl
Successfully deleted: [File] C:\Users\Abi\AppData\Roaming\qmKnKxZOiKwp192d4S8lxBYl.exe
Successfully disinfected: [Shortcut] C:\ProgramData\Microsoft\windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Successfully disinfected: [Shortcut] C:\Users\Abi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Successfully disinfected: [Shortcut] C:\Users\Abi\desktop\Google Chrome.lnk

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Abi\Appdata\Local\{2319E2F5-D64B-4A67-A7CC-AAFC35C207EC}
Successfully deleted: [Empty Folder] C:\Users\Abi\Appdata\Local\{50B0E6FA-5439-4218-A2ED-2D091E69A056}
Successfully deleted: [Empty Folder] C:\Users\Abi\Appdata\Local\{65AF5747-E972-4EE6-A5CC-DBC1E6B9B6CA}
Successfully deleted: [Empty Folder] C:\Users\Abi\Appdata\Local\{84646BB1-E7E3-463F-A06E-ED173A49BE60}
Successfully deleted: [Empty Folder] C:\Users\Abi\Appdata\Local\{952803EF-3391-45A3-9EFC-9806D6675266}
Successfully deleted: [Empty Folder] C:\Users\Abi\Appdata\Local\{F4730921-4AB7-4F2C-8185-B4F59400BFAB}
Successfully deleted: [Folder] C:\Users\Abi\Appdata\Local\installer
Successfully deleted: [Folder] C:\Users\Abi\Appdata\LocalLow\company
Successfully deleted: [Folder] C:\Users\Abi\AppData\Roaming\4723

~~~ Chrome

[C:\Users\Abi\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Abi\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Abi\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Abi\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/10/2015 at 20:54:10.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RogueKiller V10.10.9.0 [Oct 5 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Abi [Administrator]
Started from : C:\Users\Abi\Desktop\RogueKiller.exe
Mode : Scan -- Date : 10/07/2015 21:12:33

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CltMngSvc (C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe) -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.aqovd.com?oem=sunadcav3&uid=WD-WX41C32L7008_00LPVT-22G33&tm=1444265956 -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.aqovd.com?oem=sunadcav3&uid=WD-WX41C32L7008_00LPVT-22G33&tm=1444265956 -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1835340503-273950527-3103715778-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.aqovd.com?oem=sunadcav3&uid=WD-WX41C32L7008_00LPVT-22G33&tm=1444265956 -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1835340503-273950527-3103715778-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.aqovd.com?oem=sunadcav3&uid=WD-WX41C32L7008_00LPVT-22G33&tm=1444265956 -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : www.aqovd.com?oem=sunadcav3&uid=WD-WX41C32L7008_00LPVT-22G33&tm=1444265956 -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : www.aqovd.com?oem=sunadcav3&uid=WD-WX41C32L7008_00LPVT-22G33&tm=1444265956 -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1835340503-273950527-3103715778-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : www.aqovd.com?oem=sunadcav3&uid=WD-WX41C32L7008_00LPVT-22G33&tm=1444265956 -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1835340503-273950527-3103715778-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : www.aqovd.com?oem=sunadcav3&uid=WD-WX41C32L7008_00LPVT-22G33&tm=1444265956 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000LPVT-22G33T0 +++++
--- User ---
[MBR] 2eb2deb7fb3aa155e00817ef33cfb6dd
[BSP] b0849c504cfdbc658b21abff922a3719 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 17000 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 34818048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 35022848 | Size: 459838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Satchfan

2015-10-08, 12:28

Those programs got rid of a lot but we have more to do. :)

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again

close all programs
double-click RogueKiller.exe - Windows 7: right-click the program and select Run as Administrator'
after it has completed it's prescan, click on Scan
click on the click on the “Registry” tab
make sure the following entries there are checked:

[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CltMngSvc (C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe) -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.aqovd.com?oem=sunadcav3&u...&tm=1444265956 -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.aqovd.com?oem=sunadcav3&u...&tm=1444265956 -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1835340503-273950527-3103715778-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.aqovd.com?oem=sunadcav3&u...&tm=1444265956 -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1835340503-273950527-3103715778-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.aqovd.com?oem=sunadcav3&u...&tm=1444265956 -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.aqovd.com?oem=sunadcav3&u...&tm=1444265956 -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.aqovd.com?oem=sunadcav3&u...&tm=1444265956 -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1835340503-273950527-3103715778-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.aqovd.com?oem=sunadcav3&u...&tm=1444265956 -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1835340503-273950527-3103715778-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.aqovd.com?oem=sunadcav3&u...&tm=1444265956 -> Found

then press the Delete button and post the log it produces.

===================================================

Download Malwarebytes-Anti-Malware

Click here (http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/dl/7/).

double-click mbam-setup.exe and follow the prompts to install the program – (Note: Vista & Windows 7 users, please right-click and select “Run as Administrator”)
select the “Scan” tab at the top
there are three scan types; choose Threat Scan, then click on Scan
when the scan is complete, if no malicious items are found you can close the program
if malicious items are found be sure that everything is checked and click Quarantine
when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Logs to include with the next post:

RogueKiller fix log
Mbam.txt

Can you tell me how your computer is now.

Satchfan

JohnSnow

2015-10-09, 06:17

I ended up running the malware-bytes software twice (had to cancel the first one), so both logs are shown here.

Overall I am not seeing the popups so that is a big improvement , but as I'm typing this message the machine is very slow to respond (I am five words ahead by the time it shows up on the screen) so something still doesn't seem quite right.

RogueKiller V10.10.9.0 [Oct 5 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Abi [Administrator]
Started from : C:\Users\Abi\Desktop\RogueKiller.exe
Mode : Delete -- Date : 10/08/2015 19:20:47

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CltMngSvc (C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe) -> Deleted
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.aqovd.com?oem=sunadcav3&uid=WD-WX41C32L7008_00LPVT-22G33&tm=1444265956 -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.aqovd.com?oem=sunadcav3&uid=WD-WX41C32L7008_00LPVT-22G33&tm=1444265956 -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1835340503-273950527-3103715778-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.aqovd.com?oem=sunadcav3&uid=WD-WX41C32L7008_00LPVT-22G33&tm=1444265956 -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1835340503-273950527-3103715778-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.aqovd.com?oem=sunadcav3&uid=WD-WX41C32L7008_00LPVT-22G33&tm=1444265956 -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : www.aqovd.com?oem=sunadcav3&uid=WD-WX41C32L7008_00LPVT-22G33&tm=1444265956 -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : www.aqovd.com?oem=sunadcav3&uid=WD-WX41C32L7008_00LPVT-22G33&tm=1444265956 -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1835340503-273950527-3103715778-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : www.aqovd.com?oem=sunadcav3&uid=WD-WX41C32L7008_00LPVT-22G33&tm=1444265956 -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1835340503-273950527-3103715778-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : www.aqovd.com?oem=sunadcav3&uid=WD-WX41C32L7008_00LPVT-22G33&tm=1444265956 -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000LPVT-22G33T0 +++++
--- User ---
[MBR] 2eb2deb7fb3aa155e00817ef33cfb6dd
[BSP] b0849c504cfdbc658b21abff922a3719 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 17000 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 34818048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 35022848 | Size: 459838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/10/08 20:48:26 -0400</date>
<logfile>mbam-log-2015-10-08 (19-26-20).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>0.0.0.0000</version>
<malware-database>v2015.10.08.05</malware-database>
<rootkit-database>v2015.10.06.01</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Abi</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>cancelled</result>
<objects>362100</objects>
<time>1706</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
</items>
</mbam-log>

2nd run
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/10/08 22:22:26 -0400</date>
<logfile>mbam-log-2015-10-08 (22-22-22).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.1.8.1057</version>
<malware-database>v2015.10.08.05</malware-database>
<rootkit-database>v2015.10.06.01</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Abi</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>381546</objects>
<time>1962</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>2</datas>
<folders>140</folders>
<files>306</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<data><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{15CD2FC4-BBE6-4572-989A-6AE7E0E8ED2E}</path><valuename>NameServer</valuename><vendor>Trojan.DNSChanger</vendor><action>replaced</action><valuedata>82.163.143.162,82.163.142.164</valuedata><baddata>82.163.143.162,82.163.142.164</baddata><gooddata></gooddata><hash>c1c45400b8d3231339a2fc94867f0af6</hash></data>
<data><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{F6B24CDD-A746-40B4-A6EC-4E45B40509B2}</path><valuename>NameServer</valuename><vendor>Trojan.DNSChanger</vendor><action>replaced</action><valuedata>82.163.143.162,82.163.142.164</valuedata><baddata>82.163.143.162,82.163.142.164</baddata><gooddata></gooddata><hash>7f0676dea0eb7eb825b6cec259acf907</hash></data>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Avatars</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Caps</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Cache</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extension Rules</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extension State</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\libs</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\mocks</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\scripts</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\css</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\bgs</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\css</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\templates</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\scripts</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\ar</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\be</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\bg</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\bn</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\ca</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\cs</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\da</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\de</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\el</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\en</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\en_GB</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\es</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\et</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\fa</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\fi</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\fr</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\he</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\hi</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\hr</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\hu</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\id</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\it</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\ja</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\ko</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\lt</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\lv</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\ms</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\nb</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\nl</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\pl</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\pt_BR</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\pt_PT</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\ro</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\ru</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\sk</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\sl</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\sr</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\sv</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\th</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\tr</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\uk</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\ur</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\vi</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\zh_CN</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\zh_TW</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_metadata</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0\newtab</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0\newtab\js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0\_metadata</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\_metadata</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\css</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\html</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\bg</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ca</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\cs</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\da</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\de</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\el</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\en</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\en_GB</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\es</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\es_419</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\et</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\fi</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\fil</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\fr</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\hi</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\hr</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\hu</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\id</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\it</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ja</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ko</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\lt</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\lv</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\nb</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\nl</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\pl</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\pt_BR</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\pt_PT</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ro</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ru</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sk</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sl</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sr</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sv</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\th</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\tr</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\uk</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\vi</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\zh_CN</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\zh_TW</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_metadata</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\recovery</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\SwReporter</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Temp</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></folder>
<folder><path>C:\ProgramData\KeyStream</path><vendor>PUP.Optional.KeyStream</vendor><action>success</action><hash>15707dd796f53df900d983bf2fd48080</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk</path><vendor>PUP.Optional.EasyCalendar.ChrPRST</vendor><action>success</action><hash>92f3223259329b9b8db82122e320ba46</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1</path><vendor>PUP.Optional.EasyCalendar.ChrPRST</vendor><action>success</action><hash>92f3223259329b9b8db82122e320ba46</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\_locales</path><vendor>PUP.Optional.EasyCalendar.ChrPRST</vendor><action>success</action><hash>92f3223259329b9b8db82122e320ba46</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\_locales\en</path><vendor>PUP.Optional.EasyCalendar.ChrPRST</vendor><action>success</action><hash>92f3223259329b9b8db82122e320ba46</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\_locales\en_US</path><vendor>PUP.Optional.EasyCalendar.ChrPRST</vendor><action>success</action><hash>92f3223259329b9b8db82122e320ba46</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\_locales\pt_BR</path><vendor>PUP.Optional.EasyCalendar.ChrPRST</vendor><action>success</action><hash>92f3223259329b9b8db82122e320ba46</hash></folder>
<folder><path>C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\_metadata</path><vendor>PUP.Optional.EasyCalendar.ChrPRST</vendor><action>success</action><hash>92f3223259329b9b8db82122e320ba46</hash></folder>
<folder><path>C:\Users\Abi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jogotempo</path><vendor>PUP.Optional.Jogotempo.ShrtCln</vendor><action>success</action><hash>077eaba9adde56e03a10ee55fd066d93</hash></folder>
<folder><path>C:\Users\Abi\AppData\Roaming\NetService</path><vendor>PUP.Optional.NetService</vendor><action>success</action><hash>374e0252d9b25dd9ad1eeddd20e5f40c</hash></folder>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\chrome.dat</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\First Run</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Local State</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Bookmarks</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Bookmarks.bak</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Cookies</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Cookies-journal</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Current Session</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Current Tabs</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Favicons</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Google Profile.ico</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\History</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\History Provider Cache</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\History-journal</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Last Session</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Last Tabs</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Preferences</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\README</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Secure Preferences</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Shortcuts</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Top Sites</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Visited Links</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Web Data</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Web Data-journal</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Cache\data_0</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Cache\data_1</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Cache\data_2</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Cache\data_3</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Cache\index</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extension Rules\000007.log</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extension Rules\CURRENT</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extension Rules\LOCK</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extension Rules\LOG</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extension Rules\LOG.old</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extension Rules\MANIFEST-000006</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extension State\000003.log</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extension State\CURRENT</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extension State\LOCK</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extension State\LOG</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extension State\MANIFEST-000002</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\manifest.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\options.html</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\libs\csl.parser.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\libs\eventemitter2.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\libs\jquery-1.5.2.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\libs\jquery.mustache.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\libs\lodash.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\libs\protobuf.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\libs\q.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\mocks\empty.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\mocks\ga.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\mocks\gpt.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\mocks\omniture.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\scripts\aos.panel.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\scripts\avastwrc.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\scripts\ava_connector.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\scripts\bal.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\scripts\gpb.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\scripts\ial.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\scripts\options.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\scripts\query.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\scripts\templates.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\css\extension.css</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\css\settings.css</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_extensiontop_orange.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\sas_logo.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\avast-logo.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icnthumbdownsmall.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icnthumbsmall.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_bug.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_check.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_checkbig.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_close.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_close_small.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_extensiontop.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_extensiontop_green.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_extensiontop_red.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_eye.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_norating_big.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_norating_big2.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_siteforward.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_thumbdown_big.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_thumblearn.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_thumbright_big.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_thumbup_big.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_warning.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icon128.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icon16.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icon256.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icon32.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icon48.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icon64.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\img_bg.jpg</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\logo_avast.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\logo_avastblack.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\logo_avastsmall.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\se_icn_green.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\se_icn_grey.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\se_icn_norating.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\se_icn_orange.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\se_icn_red.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\se_icn_thumbdown.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\se_icn_thumbneutral.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\se_icn_thumbup.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\switchersmall_dotgreen.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\switchersmall_dotred.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\switcher_dotgreen.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\switcher_dotorange.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\switcher_dotred.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\switcher_greenbg.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\switcher_orangebg.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\switcher_redbg.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\aos.panel.html</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\bgs\logo-avast-dark.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\bgs\logo-avast-white.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\bgs\logo-avast.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\css\style.css</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\css\style.modal.css</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\accordeon.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\arrow-right.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\attention.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\error.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\globe.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\ok.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\serp-attention.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\serp-error.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\serp-none.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\serp-ok.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\social-facebook.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\social-gplus.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\social-in.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\social-instagram.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\social-pin.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\social-snapchat.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\social-twitter.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\social-vk.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\social-youtube.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\status-attention.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\status-none.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\status-ok.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\status-warning.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\thumbs-down.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\thumbs-up.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\unknown.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\templates\aos.control.html</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\scripts\abek.bl.crx.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\scripts\anchor.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\scripts\aos.bl.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\scripts\bs.aos.crx.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\scripts\bs.crx.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\scripts\extension.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\ar\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\be\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\bg\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\bn\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\ca\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\cs\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\da\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\de\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\el\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\en\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\en_GB\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\es\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\et\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\fa\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\fi\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\fr\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\he\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\hi\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\hr\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\hu\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\id\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\it\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\ja\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\ko\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\lt\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\lv\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\ms\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\nb\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\nl\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\pl\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\pt_BR\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\pt_PT\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\ro\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\ru\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\sk\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\sl\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\sr\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\sv\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\th\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\tr\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\uk\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\ur\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\vi\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\zh_CN\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\zh_TW\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_metadata\verified_contents.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0\favicon.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0\manifest.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0\newtab\newtab-hp.html</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0\newtab\js\background.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0\newtab\js\newtab-hp.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0\_metadata\verified_contents.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\background.html</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\background.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\browserSpecificScript.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\c2c_128x128.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\c2c_16x16.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\c2c_48x48.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\c2c_options_handler_script.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\c2c_options_menu.css</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\c2c_options_menu.html</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\c2c_options_menu_localization.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\call_icon.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\call_skype_logo.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\contentscript.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\fpnr.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\jquery-2.1.0.min.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\localization.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\manifest.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\menu_handler.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\mutation-summary.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\number_highlighting.css</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\number_highlighting_builder.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\number_highlighting_chrome.css</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\pnr.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\telemetry.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\_metadata\verified_contents.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\craw_background.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\craw_window.js</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\manifest.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\css\craw_window.css</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\html\craw_window.html</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images\flapper.gif</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images\icon_128.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images\icon_16.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images\topbar_floating_button.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images\topbar_floating_button_close.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images\topbar_floating_button_hover.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images\topbar_floating_button_maximize.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images\topbar_floating_button_pressed.png</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\bg\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ca\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\cs\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\da\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\de\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\el\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\en\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\en_GB\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\es\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\es_419\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\et\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\fi\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\fil\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\fr\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\hi\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\hr\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\hu\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\id\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\it\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ja\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ko\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\lt\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\lv\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\nb\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\nl\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\pl\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\pt_BR\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\pt_PT\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ro\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ru\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sk\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sl\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sr\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sv\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\th\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\tr\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\uk\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\vi\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\zh_CN\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\zh_TW\messages.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\Users\Abi\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_metadata\verified_contents.json</path><vendor>PUP.Optional.MyBrowser</vendor><action>success</action><hash>f392bd974b404fe79cc371d11ee5a759</hash></file>
<file><path>C:\ProgramData\KeyStream\install.log</path><vendor>PUP.Optional.KeyStream</vendor><action>success</action><hash>15707dd796f53df900d983bf2fd48080</hash></file>
<file><path>C:\ProgramData\KeyStream\KeyStream32.dll</path><vendor>PUP.Optional.KeyStream</vendor><action>success</action><hash>15707dd796f53df900d983bf2fd48080</hash></file>
<file><path>C:\ProgramData\KeyStream\KeyStream64.dll</path><vendor>PUP.Optional.KeyStream</vendor><action>success</action><hash>15707dd796f53df900d983bf2fd48080</hash></file>
<file><path>C:\ProgramData\KeyStream\NSISHelper.dll</path><vendor>PUP.Optional.KeyStream</vendor><action>success</action><hash>15707dd796f53df900d983bf2fd48080</hash></file>
<file><path>C:\ProgramData\KeyStream\trz1043.tmp</path><vendor>PUP.Optional.KeyStream</vendor><action>success</action><hash>15707dd796f53df900d983bf2fd48080</hash></file>
<file><path>C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\background.html</path><vendor>PUP.Optional.EasyCalendar.ChrPRST</vendor><action>success</action><hash>92f3223259329b9b8db82122e320ba46</hash></file>
<file><path>C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\background.js</path><vendor>PUP.Optional.EasyCalendar.ChrPRST</vendor><action>success</action><hash>92f3223259329b9b8db82122e320ba46</hash></file>
<file><path>C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\ga.js</path><vendor>PUP.Optional.EasyCalendar.ChrPRST</vendor><action>success</action><hash>92f3223259329b9b8db82122e320ba46</hash></file>
<file><path>C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\icon_128.png</path><vendor>PUP.Optional.EasyCalendar.ChrPRST</vendor><action>success</action><hash>92f3223259329b9b8db82122e320ba46</hash></file>
<file><path>C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\icon_16.png</path><vendor>PUP.Optional.EasyCalendar.ChrPRST</vendor><action>success</action><hash>92f3223259329b9b8db82122e320ba46</hash></file>
<file><path>C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\main.js</path><vendor>PUP.Optional.EasyCalendar.ChrPRST</vendor><action>success</action><hash>92f3223259329b9b8db82122e320ba46</hash></file>
<file><path>C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\manifest.json</path><vendor>PUP.Optional.EasyCalendar.ChrPRST</vendor><action>success</action><hash>92f3223259329b9b8db82122e320ba46</hash></file>
<file><path>C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\popup.html</path><vendor>PUP.Optional.EasyCalendar.ChrPRST</vendor><action>success</action><hash>92f3223259329b9b8db82122e320ba46</hash></file>
<file><path>C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\popup.js</path><vendor>PUP.Optional.EasyCalendar.ChrPRST</vendor><action>success</action><hash>92f3223259329b9b8db82122e320ba46</hash></file>
<file><path>C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\_locales\en\messages.json</path><vendor>PUP.Optional.EasyCalendar.ChrPRST</vendor><action>success</action><hash>92f3223259329b9b8db82122e320ba46</hash></file>
<file><path>C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\_locales\en_US\messages.json</path><vendor>PUP.Optional.EasyCalendar.ChrPRST</vendor><action>success</action><hash>92f3223259329b9b8db82122e320ba46</hash></file>
<file><path>C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\_locales\pt_BR\messages.json</path><vendor>PUP.Optional.EasyCalendar.ChrPRST</vendor><action>success</action><hash>92f3223259329b9b8db82122e320ba46</hash></file>
<file><path>C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\_metadata\computed_hashes.json</path><vendor>PUP.Optional.EasyCalendar.ChrPRST</vendor><action>success</action><hash>92f3223259329b9b8db82122e320ba46</hash></file>
<file><path>C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_1\_metadata\verified_contents.json</path><vendor>PUP.Optional.EasyCalendar.ChrPRST</vendor><action>success</action><hash>92f3223259329b9b8db82122e320ba46</hash></file>
<file><path>C:\Users\Abi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jogotempo\jogotempo.lnk</path><vendor>PUP.Optional.Jogotempo.ShrtCln</vendor><action>success</action><hash>077eaba9adde56e03a10ee55fd066d93</hash></file>
<file><path>C:\Users\Abi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jogotempo\Uninstall.lnk</path><vendor>PUP.Optional.Jogotempo.ShrtCln</vendor><action>success</action><hash>077eaba9adde56e03a10ee55fd066d93</hash></file>
<file><path>C:\Users\Abi\AppData\Roaming\NetService\conf.ini</path><vendor>PUP.Optional.NetService</vendor><action>success</action><hash>374e0252d9b25dd9ad1eeddd20e5f40c</hash></file>
<file><path>C:\Users\Abi\AppData\Roaming\NetService\sc.exe</path><vendor>PUP.Optional.NetService</vendor><action>success</action><hash>374e0252d9b25dd9ad1eeddd20e5f40c</hash></file>
<file><path>C:\Windows\System32\dev\volp\ajul.dat</path><vendor>PUP.Optional.HijackHosts.Gen</vendor><action>success</action><hash>760fb1a3ec9f94a2bd343c8a46bfb64a</hash></file>
</items>
</mbam-log>

Satchfan

2015-10-09, 11:24

That was not really a decipherable log so can you please do the following:

Open Malwarebytes, click on History > Application Logs. Open the last scan by double-clicking on it. At the bottom of that window are two options, "Copy to clipboard" and "Export"

Click on “Export”, choose Text file (*.txt) then give it a name and save it to your desktop.

Please then post that in your next reply.

=================================

Please run FRST again and make sure there is a checkmark next to "addition.txt" before you hit “Scan”.

Logs to include with next post:

Mbam.txt
New Frst.txt
New Addition.txt

Thanks

Satchfan

JohnSnow

2015-10-11, 22:26

I am for some reason unable to post the logs to the thread so i am just testing if I can post anything

JohnSnow

2015-10-11, 22:36

1238212383

Satchfan

2015-10-11, 22:45

That worked fine!

JohnSnow

2015-10-11, 23:48

The MBAM log is too long so i had to split it into 3 parts

Satchfan

2015-10-12, 00:16

Good work John.

Can you please do the same for the new FRST logs that I asked for.

Thanks

Satchfan

JohnSnow

2015-10-13, 00:59

hopefully those logs are attached now.
Thanks

Satchfan

2015-10-13, 11:18

Hello John and well done getting the logs.

You have an illegal activation tool for Microsoft Windows and MS Office products:

2015-10-04 21:17 - 2015-10-06 21:51 - 00000000 ____D C:\Program Files (x86)\KMSPico 10.0.6

This forum, as well as all the other well-respected malware removal forums, does not condone the use of Pirated-Warez/Keygens/Cracked software and does not offer support unless it is for the removal of it: continuing to help you could be viewed as supporting/condoning illegal software.

If seeking help in our Malware removal forum please know that users who have programs obtained by such methods will be asked to remove them, since our help could otherwise be seen as aiding copyright violations. In doing the crack, the 'cracker' has broken the 'End User License Agreement' (EULA) of the product.

Aside from the legalities, be aware that malware authors prey on users looking to circumvent a software's protection mechanisms: there is also a high risk of infection involved in downloading and running crack codes.

The “fix” included in this post will remove it.

================================================

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1835340503-273950527-3103715778-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1835340503-273950527-3103715778-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
GroupPolicy: Restriction - Chrome <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1835340503-273950527-3103715778-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1835340503-273950527-3103715778-1001 -> {5885ECFB-B6D1-4EDE-AF43-AED548EF4833} URL =
SearchScopes: HKU\S-1-5-21-1835340503-273950527-3103715778-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault&chext=v2&s=&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Search Module Plus
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll => No File
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll => No File
2015-10-04 21:32 - 2015-10-08 22:12 - 00000000 ____D C:\Program Files (x86)\8a9babaa-d527-4b3a-9dbf-f6d4d5a9ba3b
2015-10-04 21:31 - 2015-10-04 21:33 - 00000000 ____D C:\Program Files (x86)\Feed Notifier
2015-10-04 21:30 - 2015-10-07 20:59 - 00000000 ____D C:\Users\Abi\AppData\Roaming\RunDir
2015-10-04 21:30 - 2015-10-04 21:30 - 00000045 _____ C:\user.js
2015-10-04 21:30 - 2015-10-04 21:30 - 00000000 ____D C:\Windows\system32\dev
2015-10-04 21:30 - 2015-10-04 21:30 - 00000000 ____D C:\Users\Abi\AppData\Local\Tempfolder
2015-10-04 21:28 - 2015-10-05 06:17 - 00000292 _____ C:\Windows\Tasks\yxnb.job
2015-10-04 21:27 - 2015-10-07 20:21 - 00170747 _____ C:\Windows\wininit.ini
2015-10-04 21:25 - 2015-10-08 22:12 - 00000000 ____D C:\Program Files (x86)\119312c4-11b3-4129-ab16-95e16f122005
2015-10-04 21:25 - 2015-10-06 20:45 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-10-04 21:20 - 2015-10-05 18:27 - 00000000 ____D C:\Users\Abi\AppData\Roaming\Opera Software
2015-10-04 21:20 - 2015-10-05 18:27 - 00000000 ____D C:\Users\Abi\AppData\Local\Opera Software
2015-10-04 21:20 - 2015-10-05 18:27 - 00000000 ____D C:\Program Files (x86)\Opera
2015-10-04 21:20 - 2009-06-10 17:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-10-04 21:19 - 2015-10-04 21:19 - 00000000 ____D C:\Users\Abi\AppData\Local\Geckofx
2015-10-04 21:17 - 2015-10-06 21:51 - 00000000 ____D C:\Program Files (x86)\KMSPico 10.0.6
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Kixjucfio => ""="service"
CMD: ipconfig /flushdns
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
run FRST64 then click Fix just once and wait
it will create a log (Fixlog.txt); please post it to your reply.

================================================

Uninstall AdwCleaner

double click on adwcleaner.exe to run the tool
click on Uninstall
confirm with Yes

Download AdwCleaner again from here (https://toolslib.net/downloads/finish/1/) and save it to your desktop.

run AdwCleaner
when it has finished, allow AdwCleaner to deleteeverything it found, then click on Clean
if it asks to reboot, allow the reboot
on reboot a log will be produced; please attach the content of the log to your next reply.

Logs to include in the next post:

Fixlog.txt
New AdwCleaner log

Can you tel me how your computer is now and if there are any remaining problems.

Thanks

Satchfan

JohnSnow

2015-10-14, 03:16

Machine seems to be doing much better after that last round of fixes.

Thanks for all your help

Latest logs follow:

Fix result of Farbar Recovery Scan Tool (x64) Version:12-10-2015
Ran by Abi (2015-10-13 19:51:01) Run:1
Running from C:\Users\Abi\Desktop
Loaded Profiles: Abi (Available Profiles: Abi)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1835340503-273950527-3103715778-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1835340503-273950527-3103715778-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
GroupPolicy: Restriction - Chrome <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1835340503-273950527-3103715778-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1835340503-273950527-3103715778-1001 -> {5885ECFB-B6D1-4EDE-AF43-AED548EF4833} URL =
SearchScopes: HKU\S-1-5-21-1835340503-273950527-3103715778-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault&chext=v2&s=&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Search Module Plus
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll => No File
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll => No File
2015-10-04 21:32 - 2015-10-08 22:12 - 00000000 ____D C:\Program Files (x86)\8a9babaa-d527-4b3a-9dbf-f6d4d5a9ba3b
2015-10-04 21:31 - 2015-10-04 21:33 - 00000000 ____D C:\Program Files (x86)\Feed Notifier
2015-10-04 21:30 - 2015-10-07 20:59 - 00000000 ____D C:\Users\Abi\AppData\Roaming\RunDir
2015-10-04 21:30 - 2015-10-04 21:30 - 00000045 _____ C:\user.js
2015-10-04 21:30 - 2015-10-04 21:30 - 00000000 ____D C:\Windows\system32\dev
2015-10-04 21:30 - 2015-10-04 21:30 - 00000000 ____D C:\Users\Abi\AppData\Local\Tempfolder
2015-10-04 21:28 - 2015-10-05 06:17 - 00000292 _____ C:\Windows\Tasks\yxnb.job
2015-10-04 21:27 - 2015-10-07 20:21 - 00170747 _____ C:\Windows\wininit.ini
2015-10-04 21:25 - 2015-10-08 22:12 - 00000000 ____D C:\Program Files (x86)\119312c4-11b3-4129-ab16-95e16f122005
2015-10-04 21:25 - 2015-10-06 20:45 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-10-04 21:20 - 2015-10-05 18:27 - 00000000 ____D C:\Users\Abi\AppData\Roaming\Opera Software
2015-10-04 21:20 - 2015-10-05 18:27 - 00000000 ____D C:\Users\Abi\AppData\Local\Opera Software
2015-10-04 21:20 - 2015-10-05 18:27 - 00000000 ____D C:\Program Files (x86)\Opera
2015-10-04 21:20 - 2009-06-10 17:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-10-04 21:19 - 2015-10-04 21:19 - 00000000 ____D C:\Users\Abi\AppData\Local\Geckofx
2015-10-04 21:17 - 2015-10-06 21:51 - 00000000 ____D C:\Program Files (x86)\KMSPico 10.0.6
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Kixjucfio => ""="service"
CMD: ipconfig /flushdns
EmptyTemp:
*****************

"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value removed successfully
HKU\S-1-5-21-1835340503-273950527-3103715778-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKU\S-1-5-21-1835340503-273950527-3103715778-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogOff => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key removed successfully
HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
HKU\S-1-5-21-1835340503-273950527-3103715778-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1835340503-273950527-3103715778-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5885ECFB-B6D1-4EDE-AF43-AED548EF4833}" => key removed successfully
HKCR\CLSID\{5885ECFB-B6D1-4EDE-AF43-AED548EF4833} => key not found.
"HKU\S-1-5-21-1835340503-273950527-3103715778-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key removed successfully
HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => not found.
C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll => not found.
c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => moved successfully
C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL => not found.
C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL => not found.
C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => not found.
c:\progra~2\mcafee\msc\npmcsn~1.dll => not found.
C:\Program Files (x86)\8a9babaa-d527-4b3a-9dbf-f6d4d5a9ba3b => moved successfully
C:\Program Files (x86)\Feed Notifier => moved successfully
C:\Users\Abi\AppData\Roaming\RunDir => moved successfully
C:\user.js => moved successfully
C:\Windows\system32\dev => moved successfully
C:\Users\Abi\AppData\Local\Tempfolder => moved successfully
C:\Windows\Tasks\yxnb.job => moved successfully
C:\Windows\wininit.ini => moved successfully
C:\Program Files (x86)\119312c4-11b3-4129-ab16-95e16f122005 => moved successfully
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => moved successfully
C:\Users\Abi\AppData\Roaming\Opera Software => moved successfully
C:\Users\Abi\AppData\Local\Opera Software => moved successfully
C:\Program Files (x86)\Opera => moved successfully
C:\Windows\system32\Drivers\etc\hp.bak => moved successfully
C:\Users\Abi\AppData\Local\Geckofx => moved successfully
C:\Program Files (x86)\KMSPico 10.0.6 => moved successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Kixjucfio" => key removed successfully

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 1.4 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 19:52:36 ====

------------------------------------------------------------------------------------------------
# AdwCleaner v5.013 - Logfile created 13/10/2015 at 20:06:28
# Updated 09/10/2015 by Xplode
# Database : 2015-10-13.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Abi - Abi-Laptop
# Running from : C:\Users\Abi\Desktop\adwcleaner_5.013.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\papbadoldddalgcjcicnikcfenodpghp
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0
[-] File Deleted : C:\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkadffjmnaiokkdncgdlecdegajoiemi

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKCU\Software\__SP__browser_name__SP__
[-] Key Deleted : HKLM\SOFTWARE\navegaki
[-] Key Deleted : HKLM\SOFTWARE\im-dosearch
[-] Key Deleted : HKLM\SOFTWARE\NetTcpHandler
[-] Key Deleted : HKLM\SOFTWARE\NtSvcHandler
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6091F327-2B13-4193-A6F1-4B2271613A74}_is1
[!] Key Not Deleted : [x64] HKCU\Software\__SP__browser_name__SP__
[-] Key Deleted : [x64] HKLM\SOFTWARE\navegaki
[-] Key Deleted : [x64] HKLM\SOFTWARE\im-dosearch

***** [ Web browsers ] *****

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1949 bytes] ##########

Satchfan

2015-10-14, 10:58

I'm glad things seem to be well now.

Let’s run an online scan to be sure nothing is left and if that’s clear I’ll send instructions to tidy up.

Run ESET Online Scan

Note: This may take a long time so please be patient.

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use Internet Explorer, FireFox or Chrome for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html).

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan (http://www.eset.com/online-scanner)

click the Run Eset online Scanner button
for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

o click on esetinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
o double click on the Eset installer icon on your desktop.

check Yes, I accept the Terms of Use
click the Start button
accept any security warnings from your browser
check Enable detection of potentially unwanted applications
click Advanced settings and select the following:

o scan archives
o scan for potentially unsafe applications
o enable Anti-Stealth technology

Note: Do not check Remove found threats

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
when the scan completes, push List of found threats
push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

Note - if ESET doesn't find any threats, no report will be created.

push the back button.
push Finish

When the scan is complete:

If no threats were found:

o put a checkmark in "Uninstall application on close"
o close program
o report to me that nothing was found.

If threats were found:

o click on "list of threats found"
o click on "export to text file" and save it as ESET results and save to the desktop
o click on back
o put a checkmark in "Uninstall application on close"
o click on finish
o close program
o copy and paste the report here.

Thanks

Satchfan

JohnSnow

2015-10-17, 04:19

C:\AdwCleaner\Quarantine\C\Program Files\shopperz011020151101\Kixjucfio.EXE.vir a variant of Win32/RiskWare.Komodia.J application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\A0FEA676-1444007998-E111-9F63-E98E551D30CD\hnsfFB53.tmp.vir a variant of Win32/Adware.ConvertAd.ZE application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\A0FEA676-1444007998-E111-9F63-E98E551D30CD\knsqCB46.tmp.vir a variant of Win32/Adware.ConvertAd.AAI application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-1-6.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-1-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-11.exe.vir a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-3.exe.vir a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-5.exe.vir a variant of Win32/Toolbar.CrossRider.CC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-6.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-64.exe.vir a variant of Win64/Toolbar.Crossrider.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\1a6a8721-b58e-429f-80a4-bb17deea77ff.crx.vir JS/Toolbar.Crossrider.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\3c849da4-59fd-46e4-b720-3c2f7fcf62b1.dll.vir a variant of Win64/Toolbar.Crossrider.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\a690a876-c5b2-4e85-bfa0-e8f63b97d804.crx.vir JS/Toolbar.Crossrider.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\a690a876-c5b2-4e85-bfa0-e8f63b97d804.dll.vir a variant of Win32/Toolbar.CrossRider.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaP-1.9cV04.10\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.CU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-1-6.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-1-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-11.exe.vir a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-3.exe.vir a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-5.exe.vir a variant of Win32/Toolbar.CrossRider.CC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-6.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-64.exe.vir a variant of Win64/Toolbar.Crossrider.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\54a3041d-99ff-429c-936a-d64130846f89.crx.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\a7b90909-69c6-46c5-b0e3-de2d47858766.dll.vir a variant of Win64/Toolbar.Crossrider.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\fde14152-ef36-4e91-992b-abb2ca12e38b.crx.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\fde14152-ef36-4e91-992b-abb2ca12e38b.dll.vir a variant of Win32/Toolbar.CrossRider.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV04.10\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.CU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\b35d9475-1079-47e9-b589-74ee7bd164bf.crx.vir JS/Toolbar.Crossrider.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\b35d9475-1079-47e9-b589-74ee7bd164bf.dll.vir a variant of Win32/Toolbar.CrossRider.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\eec3d8c3-6b61-4094-9b64-34b591fa5e47.dll.vir a variant of Win64/Toolbar.Crossrider.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-1-6.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-1-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-3.exe.vir a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-5.exe.vir a variant of Win32/Toolbar.CrossRider.CC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-6.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-64.exe.vir a variant of Win64/Toolbar.Crossrider.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\efbdfbf3-aa47-462e-b912-1c138b57c7c5-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser 1.0.2V06.10\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.CU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SwiftSearch_1.10.0.25\Service\swsesrvc.exe.vir a variant of Win32/Adware.Vitruvian.F application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe.vir a variant of MSIL/Adware.Vitruvian.A application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\A0FEA676-1443993646-E111-9F63-E98E551D30CD\onsa84DE.tmp.vir Win32/Adware.ConvertAd.AAG application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\bvxvexvbg\bvxvexvbg.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\DeskBar\2.6.5.0\DeskBar.exe.vir a variant of MSIL/Goobzo.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\102.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\104.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\119.js.vir JS/Toolbar.Crossrider.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\14.js.vir JS/Toolbar.Crossrider.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\178.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\179.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\180.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\184.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\19.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\195.js.vir JS/Toolbar.Crossrider.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\200.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\220.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\223.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\231.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\232.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\234.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\242.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\252.js.vir JS/Toolbar.Crossrider.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\253.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\273.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\281.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\288.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\300.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\311.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\334.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\335.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\339.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\356.js.vir JS/Toolbar.Crossrider.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\376.js.vir JS/Toolbar.Crossrider.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\380.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\385.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\390.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\391.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\419.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\424.js.vir JS/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\47.js.vir JS/Toolbar.Crossrider.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\64.js.vir JS/Toolbar.Crossrider.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\extensionData\plugins\97.js.vir JS/Toolbar.Crossrider.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\8e3d4a71c60adf7e0e481a61af985563.js.vir JS/Toolbar.Crossrider.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\api\1b92538e9b5fc70d39e7a57345b39e3e.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\api\86a763b3ae1f08c92ce3d9f482b451ed.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\api\a28e83e9a96d2d301df58fb15df41115.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\lib\45858129d16879a6b95a4e5a4c35cee1.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\lib\4993660ba4c16459f9fa1f92c7b51139.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\lib\d77e6e8f1174be1eb9953f59e05916d0.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\lib\dbfbf1f6009dac0974cd056f6a0cde86.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\lib\dc9f68679eeb6752cf18f4f90da3c8db.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\lib\ee0d1604a9ee2453aea2416a3d06738a.js.vir JS/Toolbar.Crossrider.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Abi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh\1.26.102_0\js\lib\eee626fb15240dc5edf64d1d273fea64.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\SysNative\drivers\swsedrvr_vt_1_10_0_25.sys.vir a variant of Win64/NetFilter.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\Windows\SysNative\drivers\swsedrvr_vw_1_10_0_25.sys.vir a variant of Win64/NetFilter.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\Kixjucfio.dll.vir a variant of Win32/RiskWare.Komodia.I application
C:\Users\Abi\Downloads\FLVPlayer-Chrome (1).exe NSIS/TrojanDownloader.Adload.AP trojan
C:\Users\Abi\Downloads\FLVPlayer-Chrome.exe NSIS/TrojanDownloader.Adload.AP trojan
C:\Users\Abi\Downloads\PREACTIVATED WINDOWS 7 + WINDOWS 8.1 +OFFICE 2013 PRO PLUS\Win7.x64.20in1.en-US.Sept2013.iso a variant of Win32/HackKMS.W potentially unsafe application

Satchfan

2015-10-17, 09:09

I noticed signs that you may have had pirated software on your computer and this has confirmed it.

Maybe this result will show you that as well as being illegal, how harmful downloading Cracked/Keygens/Warez programs can be. There are threats going around now that are un-cleanable and do so much damage that a format and reinstall of windows is the only option.

This forum, as well as all the other well-respected malware removal forums, does not condone the use of illegal software and does not offer support unless it is for the removal of it: continuing to help you could be viewed as supporting/condoning illegal software.

This fix will delete the infected iso.

Please copy all text in the code box below and paste it into Notepad:

@echo off
del /f /s /q "C:\Users\Abi\Downloads\FLVPlayer-Chrome (1).exe”
del /f /s /q “C:\Users\Abi\Downloads\FLVPlayer-Chrome.exe”
del /f /s /q "C:\Users\Abi\Downloads\PREACTIVATED WINDOWS 7 + WINDOWS 8.1 +OFFICE 2013 PRO PLUS\Win7.x64.20in1.en-US.Sept2013.iso”
del %0

save the Notepad file to your desktop and name it delfiles.bat
save type as "All Files"
on your desktop, double-click on delfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).

The files/folders, if found, will have been deleted and the "delfile.bat" file will also be deleted.

The rest of the Online scan is only reporting what has already been quarantined: whatever is in these folders can't cause any harm and will be removed when we tidy up.

Please let me know if there are any remaining problems and if all is well I’ll send instructions to tidy up.

Satchfan

Satchfan

2015-10-19, 23:59

Hi John

It has been a few days since I sent my last set of instructions to finalise the cleaning of your computer.

Please let me know if you still need help. If I do not hear from you within 24 hours I'll assume that all is now OK and close this topic.

Satchfan

Satchfan

2015-10-22, 09:54

Since this issue appears to be resolved, this topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic re-opened, please contact a staff member with the address of the thread.

Everyone else please read this (http://forums.spybot.info/showthread.php?288-quot-BEFORE-You-POST-quot-%28Please-read-this-Procedure-Before-Requesting-Assistance%29-Updated) and then start a New Topic here (http://forums.spybot.info/forumdisplay.php?22-Malware-Removal).